SAP Security Notes Summary – February 2023

Traditionally, once a month I publish a review of all SAP Security Notes and news released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-CON-UDS | 3273480 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search) | 9,9 | 28.02.2023 |
| BC-BSP | 3274585 | [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 28.02.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 14.02.2023 |
| EPM-BPC-NW | 3271091 | [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | 14.02.2023 |
| BI-BIP-CMC | 3256787 | [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) | 8,4 | 14.02.2023 |
| BC-DWB-TOO-ABA | 3287291 | [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 3,8 | 14.02.2023 |
| BC-CCM-HAG | 3285757 | [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service) | 8,8 | 14.02.2023 |
| CA-WUI-UI-TAG | 2788178 | [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 4,3 | 14.02.2023 |
| CA-GTF-CSC-DME | 2985905 | [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data | 6,5 | 14.02.2023 |
| EPM-BPC-NW-INF | 3275841 | [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation | 5,4 | 14.02.2023 |
| BC-ABA-LA | 3293786 | [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| GRC-SPC-AC | 3281724 | [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control) | 6,5 | 14.02.2023 |
| FI-TV-ODT-MTR | 3290901 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) | 6,5 | 14.02.2023 |
| CA-GTF-PCF | 3282663 | [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application) | 6,1 | 14.02.2023 |
| BC-BSP | 3269118 | [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 14.02.2023 |
| BC-BSP | 3269151 | [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | 14.02.2023 |
| BC-MID-ICF | 3271227 | [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| BC-MID-AC | 3268959 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | 14.02.2023 |
| SV-SMG-MON-SYS | 3266751 | [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2 | 6,1 | 14.02.2023 |
| SV-SMG-SVD-SWB | 3265846 | [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | 14.02.2023 |
| SV-SMG-SVD-SWB | 3267442 | [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | 14.02.2023 |
| SV-SMG-OP | 3270509 | [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager | 6,5 | 14.02.2023 |
| BI-BIP-INV | 3263135 | [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 8,5 | 14.02.2023 |
| BI-RA-WBI-FE | 3263863 | [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface | 4,3 | 14.02.2023 |
| BC-JAS-WEB | 3262544 | [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) | 6,1 | 07.02.2023 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
