SAP Security Notes Summary – March 2024
Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice on important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score* | Released On |
---|---|---|---|---|
BC-JAS-ADM-LOG | 3433192 | [CVE-2024-22127] Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | 9,1 | 12.03.2024 |
PA-FIO-LEA | 3417399 | [CVE-2024-22133] Improper Access Control in SAP Fiori Front End Server | 4,6 | 12.03.2024 |
BC-FES-WGU | 3377979 | [CVE-2024-27902] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP, applications based on SAPGUI for HTML (WebGUI) | 5,4 | 12.03.2024 |
BC-XI-IBF-UI | 3434192 | [CVE-2024-28163] Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages) | 5,3 | 12.03.2024 |
CA-LCA-ACP | 3425274 | [CVE-2019-10744] Code Injection vulnerability in applications built with SAP Build Apps | 9,4 | 12.03.2024 |
BC-ESI-WS-JAV-RT | 3425682 | [CVE-2024-25644] Information Disclosure vulnerability in SAP NetWeaver (WSRM) | 5,3 | 12.03.2024 |
EP-PIN-APF-OPR | 3428847 | [CVE-2024-25645] Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal) | 5,3 | 12.03.2024 |
BI-BIP-CMC | 3414195 | [CVE-2023-50164] Path Traversal Vulnerability in SAP BusinessObjects Business Intelligence Platform (Central Management Console) | 7,2 | 12.03.2024 |
HAN-AS-XS | 3410615 | [CVE-2023-44487] Denial of service (DOS) in SAP HANA XS Classic and HANA XS Advanced | 7,5 | 12.03.2024 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.03.2024 |
BC-SRV-APS-APJ | 3419022 | [CVE-2024-27900] Missing Authorization check in SAP ABAP Platform | 4,3 | 12.03.2024 |
CEC-SCC-PLA-PL | 3346500 | [CVE-2023-39439] Improper authentication in SAP Commerce Cloud | 8,8 | 12.03.2024 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.