SAP Security Notes Summary – July 2023
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
IS-OIL-DS-HPM | 3350297 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) | 9,1 | 25.07.2023 |
BW-BCT-GEN | 3331376 | [CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) | 8,7 | 14.07.2023 |
SV-SMG-DIA-SRV-AGT | 3352058 | [CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) | 7,2 | 11.07.2023 |
SV-SMG-DIA-SRV-AGT | 3348145 | [CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent) | 7,2 | 11.07.2023 |
IS-DFS-BIT-DIS | 3351410 | [CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security | 4,9 | 11.07.2023 |
BW-BEX-OT-BICS-PROV | 3088078 | [CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA | 4,5 | 11.07.2023 |
BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 11.07.2023 |
BC-MID-RFC | 3318850 | [CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform | 6 | 11.07.2023 |
BC-XI-IS-WKB | 3343564 | [CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) | 6,5 | 11.07.2023 |
BC-XI-IS-WKB | 3343547 | [CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) | 6,5 | 11.07.2023 |
BC-SYB-SQA-SRV | 3331029 | [CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere | 7,8 | 11.07.2023 |
KM-SEN-MGR | 3326769 | [Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now | 6,1 | 11.07.2023 |
BI-BIP-SRV | 3320702 | [CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform | 5,9 | 11.07.2023 |
BC-CST-WDP | 3340735 | [CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher | 7,7 | 11.07.2023 |
BC-CST-WDP | 3233899 | [CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher | 8,6 | 11.07.2023 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 11.07.2023 |
FI-FIO-GL-TRA | 3341211 | [CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) | 6,3 | 11.07.2023 |
*The Common Vulnerability Scoring System (CVSS) captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.