SAP Security Notes Summary – December 2024
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-CCM-SLD | 3351041 | [CVE-2024-47582] XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA | 5,3 | 10.12.2024 |
BC-SRV-FP | 3536965 | [CVE-2024-47578] Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) | 9,1 | 10.12.2024 |
BC-MID-UCO | 3536361 | [CVE-2024-47585] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 10.12.2024 |
CEC-SCC-COM-AS | 3535451 | [CVE-2024-47577] Information Disclosure vulnerability in SAP Commerce Cloud | 2,7 | 10.12.2024 |
BI-BIP-SEC | 3524933 | [CVE-2024-32732] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 5,3 | 10.12.2024 |
BC-CST-WDP | 3520281 | [CVE-2024-47590] Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher | 8,8 | 10.12.2024 |
BI-BIP-INV | 3515653 | Update 1 to Security Note 3433545: [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 10.12.2024 |
BI-BIP-INV | 3433545 | [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 4,3 | 10.12.2024 |
BC-JAS-ADM-MON | 3542543 | [CVE-2024-54197] Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | 7,2 | 10.12.2024 |
PLM-PLC | 3504847 | [CVE-2024-47576] DLL Hijacking vulnerability in SAP Product Lifecycle Costing | 3,3 | 10.12.2024 |
BC-ABA-LA | 3504390 | [CVE-2024-47586] NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 7,5 | 10.12.2024 |
BC-MID-RFC | 3469791 | [CVE-2024-54198] Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | 8,5 | 10.12.2024 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.