SAP Security Notes Summary – August 2024

As usual, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CA-LCA-ACP | 3477196 | [CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps | 9,1 | 13.08.2024 |
| BC-CST-IC | 3438085 | [CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java), SAP Web Dispatcher and SAP Content Server. | 6,3 | 13.08.2024 |
| CA-EPT-SSC | 3474590 | [CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | 6,5 | 13.08.2024 |
| BC-SRV-LIM | 3494349 | [CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,3 | 13.08.2024 |
| CEC-SCC-CDM-BO-FRW | 3483256 | [CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | 5,4 | 13.08.2024 |
| CA-GTF-DOB | 3477423 | [CVE-2024-39591] Missing Authorization check in SAP Document Builder | 4,3 | 13.08.2024 |
| CEC-SCC-COM-BC-BCOM | 3471450 | [CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce | 5,3 | 13.08.2024 |
| BC-FES-BUS-RUN | 3468102 | [CVE-2024-41732] Improper Access Control in SAP NetWeaver Application Server ABAP | 4,7 | 13.08.2024 |
| CRM-MKT | 3487537 | [CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management) | 5,0 | 13.08.2024 |
| BW-BEX-ET-WJR-EXP | 3485284 | [CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service | 8,2 | 13.08.2024 |
| BI-BIP-INV | 3479478 | [CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform | 9,8 | 13.08.2024 |
| IS-HER-CM-AD | 3479293 | [CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM) | 4,3 | 13.08.2024 |
| PM-FIO-WCM | 3475427 | [CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work | 4,3 | 13.08.2024 |
| BI-BIP-INV | 3433545 | [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 13.08.2024 |
| BC-SYB-REP | 3495876 | [Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS) | 6,5 | 13.08.2024 |
| CEC-COM-CPS-COR | 3459935 | [CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud | 7,4 | 13.08.2024 |
| CA-GTF-DOB | 3459379 | [CVE-2024-34683] Unrestricted file upload in SAP Document Builder (HTTP service) | 6,5 | 13.08.2024 |
| BC-SRV-DX-DXW | 3454858 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,1 | 13.08.2024 |
| FIN-FSCM-CLM-BAM | 3150704 | [CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks) | 4,5 | 13.08.2024 |
source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
