SAP Security Notes Summary – February 2023

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-CON-UDS | 3273480 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search) | 9,9 | 28.02.2023 |
| BC-BSP | 3274585 | [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 28.02.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 14.02.2023 |
| EPM-BPC-NW | 3271091 | [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | 14.02.2023 |
| BI-BIP-CMC | 3256787 | [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) | 8,4 | 14.02.2023 |
| BC-DWB-TOO-ABA | 3287291 | [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 3,8 | 14.02.2023 |
| BC-CCM-HAG | 3285757 | [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service) | 8,8 | 14.02.2023 |
| CA-WUI-UI-TAG | 2788178 | [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 4,3 | 14.02.2023 |
| CA-GTF-CSC-DME | 2985905 | [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data | 6,5 | 14.02.2023 |
| EPM-BPC-NW-INF | 3275841 | [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation | 5,4 | 14.02.2023 |
| BC-ABA-LA | 3293786 | [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| GRC-SPC-AC | 3281724 | [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control) | 6,5 | 14.02.2023 |
| FI-TV-ODT-MTR | 3290901 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) | 6,5 | 14.02.2023 |
| CA-GTF-PCF | 3282663 | [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application) | 6,1 | 14.02.2023 |
| BC-BSP | 3269118 | [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 14.02.2023 |
| BC-BSP | 3269151 | [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 14.02.2023 |
| BC-MID-ICF | 3271227 | [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| BC-MID-AC | 3268959 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| SV-SMG-MON-SYS | 3266751 | [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2 | 6,1 | 14.02.2023 |
| SV-SMG-SVD-SWB | 3265846 | [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | 14.02.2023 |
| SV-SMG-SVD-SWB | 3267442 | [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | 14.02.2023 |
| SV-SMG-OP | 3270509 | [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager | 6,5 | 14.02.2023 |
| BI-BIP-INV | 3263135 | [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 8,5 | 14.02.2023 |
| BI-RA-WBI-FE | 3263863 | [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface | 4,3 | 14.02.2023 |
| BC-JAS-WEB | 3262544 | [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) | 6,1 | 07.02.2023 |
source: www.sap.com

*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
