SAP Security Notes Summary – May 2023

Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP ComponentNumberTitleCVSS ScoreReleased On
AP-MD-BF-SYN1794761[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)4,223.05.2023
MFG-PCO-DMC3301942[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing7,923.05.2023
BC-FES-BUS-DSK2622660Security updates for the browser control Google Chromium delivered with SAP Business Client1009.05.2023
BI-BIP-SRV3307833[CVE-2023-28762] Information disclosure vulnerabilities in SAP BusinessObjects Business Intelligence Platform9,109.05.2023
BI-BIP-LCM3233226[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)6,809.05.2023
BI-BIP-SRV3217303[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)7,709.05.2023
BI-BIP-CMC3213524[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)609.05.2023
BI-BIP-ADM3213507[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)8,209.05.2023
BI-BIP-ADM3145769[CVE-2022-27667] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)5,309.05.2023
BC-SRV-AIF3117978[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)3,109.05.2023
CA-UI5-CTR-BAL3326210[CVE-2023-30743] Improper Neutralization of Input in SAPUI57,109.05.2023
CA-WUI-CON3315979[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI5,409.05.2023
BI-BIP-INV3309935[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform6,109.05.2023
BI-BIP-INV3313484[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform6,309.05.2023
CA-VE3328495Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager9,809.05.2023
BC-JAS-EJB3317453[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA8,209.05.2023
CA-WUI-UI-TAG3315971[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)6,109.05.2023
SCM-IBP-XLS3323415[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel8,209.05.2023
BC-FES-GUI3320467[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows7,509.05.2023
CEC-COM-CPS-OTH3320145Denial of service (DOS) in SAP Commerce7,509.05.2023
BI-BIP-INV3319400[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform6,109.05.2023
BI-BIP-IDT3302595[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform3,709.05.2023
BC-SYB-PD3300624[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)7,509.05.2023
EPM-BPC-NW-DOC3312892[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation5,409.05.2023
LO-MD-BP-VM2335198[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy2,809.05.2023
CEC-COM-CPS-OTH3321309Information Disclosure vulnerability in SAP Commerce (Backoffice)7,509.05.2023
BI-BIP-ADM3038911[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)509.05.2023
source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2024. SAPBasisWorld.com Privacy Policy