SAP Security Notes Summary – May and June 2024
Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
FIN-FSCM-CLM-BAM | 3392049 | [CVE-2024-33000] Missing Authorization check in SAP Bank Account Management | 3,5 | 11.06.2024 |
BI-BIP-PUB | 3441817 | [CVE-2024-34684] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) | 3,7 | 11.06.2024 |
CA-GTF-DOB | 3459379 | [CVE-2024-34683] Unrestricted file upload in SAP Document Builder (HTTP service) | 6,5 | 11.06.2024 |
BW4-DM-TRFN | 3465455 | [CVE-2024-37176] Missing Authorization check in SAP BW/4HANA Transformation and DTP | 5,5 | 11.06.2024 |
BC-DWB-JAV-MMR | 3460407 | [CVE-2024-34688] Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) | 7,5 | 11.06.2024 |
SV-SMG-SDD | 3453170 | [CVE-2024-33001] Denial of service (DOS) in SAP NetWeaver and ABAP platform | 6,5 | 11.06.2024 |
IS-HER-CM-AD | 3457265 | [CVE-2024-34690] Missing Authorization check in SAP Student Life Cycle Management (SLcM) | 5,4 | 11.06.2024 |
BC-GP | 3425571 | [CVE-2024-28164] Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) | 5,3 | 11.06.2024 |
CA-WUI-UI | 3465129 | [CVE-2024-34686] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 6,1 | 11.06.2024 |
FI-FIO-AR-PAY | 3466175 | [CVE-2024-34691] Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) | 6,5 | 11.06.2024 |
EPM-BFC-TCL | 3457592 | [CVE-2024-37177] Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 8,1 | 11.06.2024 |
FI-CF-INF | 2638217 | Switchable Authorization Checks in Central Finance Infrastructure Components | 3,9 | 28.05.2024 |
BC-MID-AC | 3450286 | [CVE-2024-32733] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 6,1 | 28.05.2024 |
BI-BIP-INV | 3449093 | [CVE-2024-33004] Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) | 4,3 | 14.05.2024 |
CA-UI5-SC | 3446076 | [CVE-2024-33007] Client-side script execution vulnerability in SAP UI5(PDFViewer) | 3,5 | 14.05.2024 |
BC-EIM-ESH | 3460772 | [CVE-2024-33002] Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) | 6,1 | 14.05.2024 |
CEC-SCC-PLA-PL | 3455438 | [CVE-2019-17495] Multiple vulnerabilities in SAP CX Commerce | 9,8 | 14.05.2024 |
FI-FIO-AR-PAY | 3434666 | [Multiple CVEs] Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | 4,3 | 14.05.2024 |
BC-SRV-KPR-CMS | 3448171 | [CVE-2024-33006] File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 9,6 | 14.05.2024 |
BI-BIP-INV | 3431794 | [CVE-2024-28165] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | 8,1 | 14.05.2024 |
EHS-SAF-GLM | 1938764 | [CVE-2024-33009] SQL injection vulnerability in SAP Global Label Management (GLM) | 4,2 | 14.05.2024 |
BC-SRV-GBT-GOS | 3448445 | [CVE-2024-34687] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform | 6,5 | 14.05.2024 |
BC-SYB-REP | 3349468 | [CVE-2024-33008] Memory Corruption vulnerability in SAP Replication Server | 4,9 | 14.05.2024 |
FI-TV-ODT-MTR | 3447467 | [CVE-2024-32731] Missing Authorization check in SAP My Travel Requests | 5,5 | 14.05.2024 |
BC-XI-IBC | 2174651 | Potential information disclosure relating to PI Integration Directory | 4,3 | 14.05.2024 |
BC-XI-IBD-INF | 2745860 | Information Disclosure in Enterprise Services Repository of SAP Process Integration | 5,3 | 14.05.2024 |
*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.