SAP Security Notes Summary – December 2023

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-CP-CF-SEC-LIB | 3411067 | [Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries | 9,1 | 13.12.2023 |
| SV-SMG-IMP | 3395306 | [CVE-2023-49587] Command Injection vulnerability in SAP Solution Manager | 6,4 | 12.12.2023 |
| CA-UI5-COR-FND | 3159329 | Denial of service (DoS) vulnerability in JSZip library bundled within SAPUI5 | 5,3 | 12.12.2023 |
| CA-MDG-ML | 3363690 | [CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance | 3,5 | 12.12.2023 |
| CEC-EMA | 3406244 | [CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID | 7,1 | 12.12.2023 |
| CA-FLP-ABA | 3406786 | [CVE-2023-49584] Client-Side Desynchronization vulnerability in SAP Fiori Launchpad | 4,3 | 12.12.2023 |
| BC-CCM-MON-ORA | 3392547 | [CVE-2023-49581] SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,1 | 12.12.2023 |
| BC-FES-GUI | 3385711 | [CVE-2023-49580] Information disclosure vulnerability in SAP GUI for Windows and SAP GUI for Java | 7,3 | 12.12.2023 |
| PY-IE | 3217087 | [CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) | 6,1 | 12.12.2023 |
| BI-BIP-ADM | 3382353 | [CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | 7,5 | 12.12.2023 |
| IS-OIL-DS-HPM | 3399691 | Update 1 to 3350297 – [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) | 9,1 | 12.12.2023 |
| BC-MID-SCC | 3362463 | [CVE-2023-49578] Denial of service (DOS) in SAP Cloud Connector | 3,5 | 12.12.2023 |
| CEC-COM-CPS | 3394567 | [CVE-2023-42481] Improper Access Control Vulnerability in SAP Commerce Cloud | 8,1 | 12.12.2023 |
| FIN-FSCM-BD | 3383321 | [CVE-2023-42479] Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct | 6,1 | 12.12.2023 |
| BI-RA-WBI-FE | 3369353 | [CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence | 6,8 | 12.12.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.12.2023 |
| IS-OIL-DS-HPM | 3350297 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) | 9,1 | 12.12.2023 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
