SAP Security Notes Summary – February 2024
Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
KM-SEN-CMP | 3404025 | [CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion | 5,4 | 13.02.2024 |
CA-MDG-APP-MM | 2897391 | [CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material | 4,3 | 13.02.2024 |
BC-JAS-SEC-UME | 3417627 | [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application) | 8,8 | 13.02.2024 |
CA-WUI-UI | 3410875 | [CVE-2024-22130] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 7,6 | 13.02.2024 |
BC-FES-BUS | 3396109 | [CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML | 4,7 | 13.02.2024 |
CA-WUI-WKB | 3158455 | [CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 4,1 | 13.02.2024 |
FIN-FSCM-CLM | 2637727 | [CVE-2024-24739] Missing authorization check in SAP Bank Account Management | 6,3 | 13.02.2024 |
BC-FES-ITS | 3360827 | [CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) | 5,3 | 13.02.2024 |
XX-IDES | 3421659 | [CVE-2024-22132] Code Injection vulnerability in SAP IDES Systems | 7,4 | 13.02.2024 |
CA-SUR | 3420923 | [CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis) | 9,1 | 13.02.2024 |
PA-FIO-OVT | 3237638 | [CVE-2024-25643] Missing authorization check in SAP Fiori app (“My Overtime Requests”) | 4,3 | 13.02.2024 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.02.2024 |
BC-GP | 3426111 | [CVE-2024-24743] XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) | 8,6 | 13.02.2024 |
BC-MID-SCC | 3424610 | [CVE-2024-25642] Improper Certificate Validation in SAP Cloud Connector | 7,4 | 13.02.2024 |
BC-FES-WGU | 3385711 | [CVE-2023-49580] Information disclosure vulnerability in SAP NetWeaver Application Server ABAP | 7,3 | 13.02.2024 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.