SAP Security Notes Summary – May 2023
Traditionally, once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
AP-MD-BF-SYN | 1794761 | [CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) | 4,2 | 23.05.2023 |
MFG-PCO-DMC | 3301942 | [CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing | 7,9 | 23.05.2023 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 09.05.2023 |
BI-BIP-SRV | 3307833 | [CVE-2023-28762] Information disclosure vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 9,1 | 09.05.2023 |
BI-BIP-LCM | 3233226 | [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) | 6,8 | 09.05.2023 |
BI-BIP-SRV | 3217303 | [CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) | 7,7 | 09.05.2023 |
BI-BIP-CMC | 3213524 | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 6 | 09.05.2023 |
BI-BIP-ADM | 3213507 | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) | 8,2 | 09.05.2023 |
BI-BIP-ADM | 3145769 | [CVE-2022-27667] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) | 5,3 | 09.05.2023 |
BC-SRV-AIF | 3117978 | [CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) | 3,1 | 09.05.2023 |
CA-UI5-CTR-BAL | 3326210 | [CVE-2023-30743] Improper Neutralization of Input in SAPUI5 | 7,1 | 09.05.2023 |
CA-WUI-CON | 3315979 | [CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 5,4 | 09.05.2023 |
BI-BIP-INV | 3309935 | [CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform | 6,1 | 09.05.2023 |
BI-BIP-INV | 3313484 | [CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 6,3 | 09.05.2023 |
CA-VE | 3328495 | Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager | 9,8 | 09.05.2023 |
BC-JAS-EJB | 3317453 | [CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA | 8,2 | 09.05.2023 |
CA-WUI-UI-TAG | 3315971 | [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 6,1 | 09.05.2023 |
SCM-IBP-XLS | 3323415 | [CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel | 8,2 | 09.05.2023 |
BC-FES-GUI | 3320467 | [CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows | 7,5 | 09.05.2023 |
CEC-COM-CPS-OTH | 3320145 | Denial of service (DOS) in SAP Commerce | 7,5 | 09.05.2023 |
BI-BIP-INV | 3319400 | [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform | 6,1 | 09.05.2023 |
BI-BIP-IDT | 3302595 | [CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 3,7 | 09.05.2023 |
BC-SYB-PD | 3300624 | [CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy) | 7,5 | 09.05.2023 |
EPM-BPC-NW-DOC | 3312892 | [CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation | 5,4 | 09.05.2023 |
LO-MD-BP-VM | 2335198 | [CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy | 2,8 | 09.05.2023 |
CEC-COM-CPS-OTH | 3321309 | Information Disclosure vulnerability in SAP Commerce (Backoffice) | 7,5 | 09.05.2023 |
BI-BIP-ADM | 3038911 | [CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) | 5 | 09.05.2023 |
*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.