SAP Security Notes Summary – December 2024

Once a month, I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-CCM-SLD | 3351041 | [CVE-2024-47582] XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA | 5,3 | 10.12.2024 |
| BC-SRV-FP | 3536965 | [CVE-2024-47578] Multiple vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services) | 9,1 | 10.12.2024 |
| BC-MID-UCO | 3536361 | [CVE-2024-47585] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 10.12.2024 |
| CEC-SCC-COM-AS | 3535451 | [CVE-2024-47577] Information Disclosure vulnerability in SAP Commerce Cloud | 2,7 | 10.12.2024 |
| BI-BIP-SEC | 3524933 | [CVE-2024-32732] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 5,3 | 10.12.2024 |
| BC-CST-WDP | 3520281 | [CVE-2024-47590] Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher | 8,8 | 10.12.2024 |
| BI-BIP-INV | 3515653 | Update 1 to Security Note 3433545: [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 10.12.2024 |
| BI-BIP-INV | 3433545 | [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 10.12.2024 |
| BC-JAS-ADM-MON | 3542543 | [CVE-2024-54197] Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | 7,2 | 10.12.2024 |
| PLM-PLC | 3504847 | [CVE-2024-47576] DLL Hijacking vulnerability in SAP Product Lifecycle Costing | 3,3 | 10.12.2024 |
| BC-ABA-LA | 3504390 | [CVE-2024-47586] NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 7,5 | 10.12.2024 |
| BC-MID-RFC | 3469791 | [CVE-2024-54198] Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | 8,5 | 10.12.2024 |

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
