SAP Security Notes Summary – August 2024
Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
CA-LCA-ACP | 3477196 | [CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps | 9,1 | 13.08.2024 |
BC-CST-IC | 3438085 | [CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java), SAP Web Dispatcher and SAP Content Server. | 6,3 | 13.08.2024 |
CA-EPT-SSC | 3474590 | [CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | 6,5 | 13.08.2024 |
BC-SRV-LIM | 3494349 | [CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,3 | 13.08.2024 |
CEC-SCC-CDM-BO-FRW | 3483256 | [CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | 5,4 | 13.08.2024 |
CA-GTF-DOB | 3477423 | [CVE-2024-39591] Missing Authorization check in SAP Document Builder | 4,3 | 13.08.2024 |
CEC-SCC-COM-BC-BCOM | 3471450 | [CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce | 5,3 | 13.08.2024 |
BC-FES-BUS-RUN | 3468102 | [CVE-2024-41732] Improper Access Control in SAP Netweaver Application Server ABAP | 4,7 | 13.08.2024 |
CRM-MKT | 3487537 | [CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management) | 5,0 | 13.08.2024 |
BW-BEX-ET-WJR-EXP | 3485284 | [CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service | 8,2 | 13.08.2024 |
BI-BIP-INV | 3479478 | [CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform | 9,8 | 13.08.2024 |
IS-HER-CM-AD | 3479293 | [CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM) | 4,3 | 13.08.2024 |
PM-FIO-WCM | 3475427 | [CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work | 4,3 | 13.08.2024 |
BI-BIP-INV | 3433545 | [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 13.08.2024 |
BC-SYB-REP | 3495876 | [Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS) | 6,5 | 13.08.2024 |
CEC-COM-CPS-COR | 3459935 | [CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud | 7,4 | 13.08.2024 |
CA-GTF-DOB | 3459379 | [CVE-2024-34683] Unrestricted file upload in SAP Document Builder (HTTP service) | 6,5 | 13.08.2024 |
BC-SRV-DX-DXW | 3454858 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,1 | 13.08.2024 |
FIN-FSCM-CLM-BAM | 3150704 | [CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks) | 4,5 | 13.08.2024 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.