SAP Security Notes Summary – January 2024
Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
CA-MDG-APP-MM | 2897391 | [CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material | 4,3 | 01.02.2024 |
CA-MDG-ML | 3363690 | [CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance | 3,5 | 31.01.2024 |
BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 09.01.2024 |
BC-CP-IS-EDG-DPL | 3413475 | [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell | 9,1 | 09.01.2024 |
CA-LT-SLT | 3407617 | [CVE-2024-21735] Improper Authorization check in SAP LT Replication Server | 7,3 | 09.01.2024 |
CA-BAS-S8D | 3412456 | [CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA | 9,1 | 09.01.2024 |
FIN-FSCM-PF-IHB | 3260667 | [CVE-2024-21736] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | 6,4 | 09.01.2024 |
CEC-MKT-DM-CON | 3190894 | [CVE-2024-21734] URL Redirection vulnerability in SAP Marketing (Contacts App) | 3,7 | 09.01.2024 |
BC-FES-CTL | 3386378 | [CVE-2024-22125] Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | 7,4 | 09.01.2024 |
BC-CST-IC | 3392626 | [CVE-2024-22124] Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | 4,1 | 09.01.2024 |
BC-CST-IC | 3389917 | [CVE-2023-44487] Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform | 7,5 | 09.01.2024 |
BC-SRV-AIF | 3411869 | [CVE-2024-21737] Code Injection vulnerability in SAP Application Interface Framework (File Adapter) | 8,4 | 09.01.2024 |
BC-SRV-COM | 3387737 | [CVE-2024-21738] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform | 4,1 | 09.01.2024 |
*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.