SAP Security Notes Summary – March 2024

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-JAS-ADM-LOG | 3433192 | [CVE-2024-22127] Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | 9,1 | 12.03.2024 |
| PA-FIO-LEA | 3417399 | [CVE-2024-22133] Improper Access Control in SAP Fiori Front End Server | 4,6 | 12.03.2024 |
| BC-FES-WGU | 3377979 | [CVE-2024-27902] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP, applications based on SAPGUI for HTML (WebGUI) | 5,4 | 12.03.2024 |
| BC-XI-IBF-UI | 3434192 | [CVE-2024-28163] Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages) | 5,3 | 12.03.2024 |
| CA-LCA-ACP | 3425274 | [CVE-2019-10744] Code Injection vulnerability in applications built with SAP Build Apps | 9,4 | 12.03.2024 |
| BC-ESI-WS-JAV-RT | 3425682 | [CVE-2024-25644] Information Disclosure vulnerability in SAP NetWeaver (WSRM) | 5,3 | 12.03.2024 |
| EP-PIN-APF-OPR | 3428847 | [CVE-2024-25645] Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal) | 5,3 | 12.03.2024 |
| BI-BIP-CMC | 3414195 | [CVE-2023-50164] Path Traversal Vulnerability in SAP BusinessObjects Business Intelligence Platform (Central Management Console) | 7,2 | 12.03.2024 |
| HAN-AS-XS | 3410615 | [CVE-2023-44487] Denial of service (DOS) in SAP HANA XS Classic and HANA XS Advanced | 7,5 | 12.03.2024 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.03.2024 |
| BC-SRV-APS-APJ | 3419022 | [CVE-2024-27900] Missing Authorization check in SAP ABAP Platform | 4,3 | 12.03.2024 |
| CEC-SCC-PLA-PL | 3346500 | [CVE-2023-39439] Improper authentication in SAP Commerce Cloud | 8,8 | 12.03.2024 |

*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
