SAP Security Notes Summary – February 2023

Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP Component	Number	Title	CVSS Score	Released On
BC-XI-CON-UDS	3273480	[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)	9,9	28.02.2023
BC-BSP	3274585	[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)	6,1	28.02.2023
BC-FES-BUS-DSK	2622660	Security updates for the browser control Google Chromium delivered with SAP Business Client	10	14.02.2023
EPM-BPC-NW	3271091	[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation	8,5	14.02.2023
BI-BIP-CMC	3256787	[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)	8,4	14.02.2023
BC-DWB-TOO-ABA	3287291	[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform	3,8	14.02.2023
BC-CCM-HAG	3285757	[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)	8,8	14.02.2023
CA-WUI-UI-TAG	2788178	[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI	4,3	14.02.2023
CA-GTF-CSC-DME	2985905	[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data	6,5	14.02.2023
EPM-BPC-NW-INF	3275841	[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation	5,4	14.02.2023
BC-ABA-LA	3293786	[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform	6,1	14.02.2023
GRC-SPC-AC	3281724	[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)	6,5	14.02.2023
FI-TV-ODT-MTR	3290901	[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)	6,5	14.02.2023
CA-GTF-PCF	3282663	[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)	6,1	14.02.2023
BC-BSP	3269118	[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)	6,1	14.02.2023
BC-BSP	3269151	[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)	6,1	14.02.2023
BC-MID-ICF	3271227	[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform	6,1	14.02.2023
BC-MID-AC	3268959	[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform	6,1	14.02.2023
SV-SMG-MON-SYS	3266751	[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2	6,1	14.02.2023
SV-SMG-SVD-SWB	3265846	[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)	6,5	14.02.2023
SV-SMG-SVD-SWB	3267442	[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)	6,5	14.02.2023
SV-SMG-OP	3270509	[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager	6,5	14.02.2023
BI-BIP-INV	3263135	[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform	8,5	14.02.2023
BI-RA-WBI-FE	3263863	[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface	4,3	14.02.2023
BC-JAS-WEB	3262544	[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)	6,1	07.02.2023

source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes

Cancel Reply