SAP Security Notes Summary – January 2025
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BI-RA-CRE | 3492169 | Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise) | 2,2 | 14.01.2025 |
BC-BMT-WFM | 3542698 | [CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | 6,5 | 14.01.2025 |
BC-FES-JAV | 3502459 | [CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java | 6,0 | 14.01.2025 |
BC-FES-GUI | 3472837 | [CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows | 6,0 | 14.01.2025 |
BC-MID-ICF | 3536461 | [CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,3 | 14.01.2025 |
BC-WD-JAV | 3540108 | [CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java | 6,3 | 14.01.2025 |
BC-MID-ICF | 3537476 | [CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9,9 | 14.01.2025 |
BC-JAS-SEC-UME | 3514421 | [CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) | 4,8 | 14.01.2025 |
BI-BIP-INV | 3474398 | [CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 8,7 | 14.01.2025 |
BC-DB-INF | 3550816 | [CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 8,8 | 14.01.2025 |
BC-MID-ICF | 3550708 | [CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) | 9,9 | 14.01.2025 |
BC-BMT-WFM | 3550674 | [CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | 4,3 | 14.01.2025 |
BC-FES-INS | 3542533 | [CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup | 7,8 | 14.01.2025 |
BC-FES-WGU | 3503138 | [CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | 6,0 | 14.01.2025 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.