SAP Security Notes Summary – July 2024

Traditionally, once a month I publish a review of all SAP Security Notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BW-PLA-BPS | 3482217 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse – Business Planning and Simulation | 6,1 | 9.07.2024 |
| EP-PIN-WPC-WCM | 3468681 | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor | 6,1 | 9.07.2024 |
| BC-FES-GUI | 3461110 | [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows | 5 | 9.07.2024 |
| CA-WUI-UI | 3467377 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | 6,1 | 9.07.2024 |
| FIN-FSCM-PF-IHB | 3457354 | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | 5,4 | 9.07.2024 |
| BC-BMT-WFM | 3485805 | [CVE-2024-34689] Allowlisting of callback-URLs in SAP Business Workflow (WebFlow Services) | 5 | 9.07.2024 |
| BC-BMT-WFM | 3483993 | [CVE-2024-34689] Prerequisite for Security Note 3458789 | 5 | 9.07.2024 |
| FIN-BA | 3483344 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | 7,7 | 9.07.2024 |
| KM-SEN-MGR | 3476348 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now | 4,3 | 9.07.2024 |
| KM-SEN-MGR | 3476340 | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now | 3,3 | 9.07.2024 |
| CEC-SCC-COM-BC-CS | 3490515 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce | 7,2 | 9.07.2024 |
| CA-WUI-UI | 3101986 | Prepare CSP support for On-Premise down port for code dependency in SAP CRM WebClient UI | 4,1 | 9.07.2024 |
| TM-CP | 3469958 | [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal) | 5 | 9.07.2024 |
| BC-VCM-LVM | 3466801 | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management | 6,9 | 9.07.2024 |
| BC-BMT-WFM | 3458789 | [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) | 5 | 9.07.2024 |
| BC-MID-ICF | 3456952 | [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,7 | 9.07.2024 |
| BC-SRV-DX-DXW | 3454858 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,1 | 9.07.2024 |
source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
