SAP Security Notes Summary – August 2023

As usual, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| MM-FIO-PUR-REQ-SSP | 3156972 | [CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) | 6,1 | 22.08.2023 |
| CA-UI5-COR | 3149794 | Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5 | 6,1 | 22.08.2023 |
| SRM-EBP-INT | 2032723 | Switchable authorization checks for RFC in SRM | 6,3 | 8.08.2023 |
| BI-RA-WBI | 3312586 | [CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform | 4,4 | 8.08.2023 |
| SBO-CRO-SEC | 3358300 | [CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One | 7,6 | 8.08.2023 |
| BI-BIP-INS | 3317710 | [CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer) | 7,6 | 8.08.2023 |
| BI-BIP-CMC | 3312047 | Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC) | 7,5 | 8.08.2023 |
| BC-CCM-CNF-PFL | 3348000 | [CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 4,9 | 8.08.2023 |
| BC-CST-MS | 3344295 | [CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server | 7,5 | 8.08.2023 |
| BC-SYB-PD | 3341599 | [CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner | 7,8 | 8.08.2023 |
| BC-SYB-PD | 3341460 | [CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner | 9,8 | 8.08.2023 |
| BC-CCM-HAG | 3358328 | [CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent | 3,7 | 8.08.2023 |
| BC-XI-IBF-WU | 3350494 | [CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration | 6,1 | 8.08.2023 |
| SBO-CRO-SEC | 3333616 | [CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer) | 5,3 | 8.08.2023 |
| SBO-CRO-SEC | 3337797 | [CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer) | 7,1 | 8.08.2023 |
| CEC-SCC-COM-BC-OCC | 3341934 | [CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API) | 5,9 | 8.08.2023 |
| SRM-EBP-ADM-XBP | 2067220 | [CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management | 5,8 | 8.08.2023 |
| CEC-SCC-PLA-PL | 3346500 | [CVE-2023-39439] Improper authentication in SAP Commerce Cloud | 8,8 | 8.08.2023 |

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
