SAP Security Notes Summary – March 2023

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5,4 | 28.03.2023 |
| BC-XI-CON-UDS | 3273480 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search) | 9,9 | 28.03.2023 |
| FI-TV-ODT-MTR | 3290901 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) | 6,5 | 28.03.2023 |
| BC-DWB-TOO-TDF | 3289844 | [CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform | 6,8 | 14.03.2023 |
| BI-BIP-CMC | 3245526 | [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) | 9,9 | 14.03.2023 |
| BI-BIP-SRV | 3283438 | [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) | 9 | 14.03.2023 |
| BC-IAM-SSO-OTP | 3302710 | [CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android | 6,1 | 14.03.2023 |
| BC-MID-ICF | 3296328 | [CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform | 6,5 | 14.03.2023 |
| BC-CTS-TMS | 3294954 | [CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 8,7 | 14.03.2023 |
| BC-CST-EQ | 3252433 | [CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java | 9,9 | 14.03.2023 |
| BC-CCM-PRN | 3294595 | [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 9,6 | 14.03.2023 |
| BC-MID-ICF | 3296346 | [CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform | 7,4 | 14.03.2023 |
| BC-SRV-KPR-CS | 3281484 | [CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server | 6,1 | 14.03.2023 |
| BC-CCM-PRN-PC | 3274920 | [CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 6,1 | 14.03.2023 |
| BC-DOC-RIT | 3302162 | [CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 9,6 | 14.03.2023 |
| EP-PIN-PSL | 3284550 | [CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) | 6,8 | 14.03.2023 |
| SV-SMG-SDD | 3296476 | [CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI) | 8,8 | 14.03.2023 |
| BC-CCM-MON-OS | 3275727 | [CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL | 7,2 | 14.03.2023 |
| BI-BIP-INV | 3287120 | [Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform | 6,5 | 14.03.2023 |
| BC-JAS-COR-SES | 3288480 | [CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) | 5,3 | 14.03.2023 |
| BC-JAS-COR-CSH | 3288096 | [CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) | 5,3 | 14.03.2023 |
| BC-JAS-COR | 3288394 | [CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service) | 5,3 | 14.03.2023 |

source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2024. SAPBasisWorld.com