SAP Security Notes Summary – June 2023
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
CA-UI5-COR | 3324285 | [CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management) | 8,2 | 27.06.2023 |
BI-BIP-INV | 3319400 | [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform | 6,1 | 13.06.2023 |
CRM-IPS-BTX-APL | 2826092 | [CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) | 6,1 | 13.06.2023 |
BC-CTS-DTR | 3318657 | [CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository) | 6,4 | 13.06.2023 |
EP-PIN-NAV | 3331627 | [CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal) | 6,1 | 13.06.2023 |
BC-CTS-TMS-CTR | 3325642 | [CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System) | 2,7 | 13.06.2023 |
CA-UI5-CTR-BAL | 3326210 | [CVE-2023-30743] Improper Neutralization of Input in SAPUI5 | 7,1 | 13.06.2023 |
CA-WUI-UI-TAG | 3322800 | Update 1 to security note 3315971 – [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 6,1 | 13.06.2023 |
CA-WUI-UI-TAG | 3315971 | [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 6,1 | 13.06.2023 |
KM-KW-HTA | 3102769 | [CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse | 8,8 | 13.06.2023 |
LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 13.06.2023 |
*The Common Vulnerability Scoring System (CVSS) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.