SAP Security Notes Summary – July 2024
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice on important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score* | Released On |
---|---|---|---|---|
BW-PLA-BPS | 3482217 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse – Business Planning and Simulation | 6.1 | 9.07.2024 |
EP-PIN-WPC-WCM | 3468681 | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor | 6.1 | 9.07.2024 |
BC-FES-GUI | 3461110 | [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows | 5 | 9.07.2024 |
CA-WUI-UI | 3467377 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | 6.1 | 9.07.2024 |
FIN-FSCM-PF-IHB | 3457354 | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | 5.4 | 9.07.2024 |
BC-BMT-WFM | 3485805 | [CVE-2024-34689] Allowlisting of callback-URLs in SAP Business Workflow (WebFlow Services) | 5 | 9.07.2024 |
BC-BMT-WFM | 3483993 | [CVE-2024-34689] Prerequisite for Security Note 3458789 | 5 | 9.07.2024 |
FIN-BA | 3483344 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | 7.7 | 9.07.2024 |
KM-SEN-MGR | 3476348 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now | 4.3 | 9.07.2024 |
KM-SEN-MGR | 3476340 | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now | 3.3 | 9.07.2024 |
CEC-SCC-COM-BC-CS | 3490515 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce | 7.2 | 9.07.2024 |
CA-WUI-UI | 3101986 | Prepare CSP support for On-Premise down port for code dependency in SAP CRM WebClient UI | 4.1 | 9.07.2024 |
TM-CP | 3469958 | [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal) | 5 | 9.07.2024 |
BC-VCM-LVM | 3466801 | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management | 6.9 | 9.07.2024 |
BC-BMT-WFM | 3458789 | [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) | 5 | 9.07.2024 |
BC-MID-ICF | 3456952 | [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.7 | 9.07.2024 |
BC-SRV-DX-DXW | 3454858 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.1 | 9.07.2024 |
*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.