SAP Security Notes Summary – January 2024

Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CA-MDG-APP-MM | 2897391 | [CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material | 4,3 | 01.02.2024 |
| CA-MDG-ML | 3363690 | [CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance | 3,5 | 31.01.2024 |
| BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 09.01.2024 |
| BC-CP-IS-EDG-DPL | 3413475 | [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell | 9,1 | 09.01.2024 |
| CA-LT-SLT | 3407617 | [CVE-2024-21735] Improper Authorization check in SAP LT Replication Server | 7,3 | 09.01.2024 |
| CA-BAS-S8D | 3412456 | [CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA | 9,1 | 09.01.2024 |
| FIN-FSCM-PF-IHB | 3260667 | [CVE-2024-21736] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | 6,4 | 09.01.2024 |
| CEC-MKT-DM-CON | 3190894 | [CVE-2024-21734] URL Redirection vulnerability in SAP Marketing (Contacts App) | 3,7 | 09.01.2024 |
| BC-FES-CTL | 3386378 | [CVE-2024-22125] Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | 7,4 | 09.01.2024 |
| BC-CST-IC | 3392626 | [CVE-2024-22124] Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | 4,1 | 09.01.2024 |
| BC-CST-IC | 3389917 | [CVE-2023-44487] Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform | 7,5 | 09.01.2024 |
| BC-SRV-AIF | 3411869 | [CVE-2024-21737] Code Injection vulnerability in SAP Application Interface Framework (File Adapter) | 8,4 | 09.01.2024 |
| BC-SRV-COM | 3387737 | [CVE-2024-21738] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform | 4,1 | 09.01.2024 |

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
