SAP Security Notes Summary – July 2023

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
| --- | --- | --- | --- | --- |
| IS-OIL-DS-HPM | 3350297 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) | 9,1 | 25.07.2023 |
| BW-BCT-GEN | 3331376 | [CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) | 8,7 | 14.07.2023 |
| SV-SMG-DIA-SRV-AGT | 3352058 | [CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) | 7,2 | 11.07.2023 |
| SV-SMG-DIA-SRV-AGT | 3348145 | [CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent) | 7,2 | 11.07.2023 |
| IS-DFS-BIT-DIS | 3351410 | [CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security | 4,9 | 11.07.2023 |
| BW-BEX-OT-BICS-PROV | 3088078 | [CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA | 4,5 | 11.07.2023 |
| BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 11.07.2023 |
| BC-MID-RFC | 3318850 | [CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform | 6 | 11.07.2023 |
| BC-XI-IS-WKB | 3343564 | [CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) | 6,5 | 11.07.2023 |
| BC-XI-IS-WKB | 3343547 | [CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) | 6,5 | 11.07.2023 |
| BC-SYB-SQA-SRV | 3331029 | [CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere | 7,8 | 11.07.2023 |
| KM-SEN-MGR | 3326769 | [Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now | 6,1 | 11.07.2023 |
| BI-BIP-SRV | 3320702 | [CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform | 5,9 | 11.07.2023 |
| BC-CST-WDP | 3340735 | [CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher | 7,7 | 11.07.2023 |
| BC-CST-WDP | 3233899 | [CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher | 8,6 | 11.07.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 11.07.2023 |
| FI-FIO-GL-TRA | 3341211 | [CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) | 6,3 | 11.07.2023 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
