SAP Security Notes Summary – May and June 2024

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| FIN-FSCM-CLM-BAM | 3392049 | [CVE-2024-33000] Missing Authorization check in SAP Bank Account Management | 3,5 | 11.06.2024 |
| BI-BIP-PUB | 3441817 | [CVE-2024-34684] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) | 3,7 | 11.06.2024 |
| CA-GTF-DOB | 3459379 | [CVE-2024-34683] Unrestricted file upload in SAP Document Builder (HTTP service) | 6,5 | 11.06.2024 |
| BW4-DM-TRFN | 3465455 | [CVE-2024-37176] Missing Authorization check in SAP BW/4HANA Transformation and DTP | 5,5 | 11.06.2024 |
| BC-DWB-JAV-MMR | 3460407 | [CVE-2024-34688] Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) | 7,5 | 11.06.2024 |
| SV-SMG-SDD | 3453170 | [CVE-2024-33001] Denial of service (DOS) in SAP NetWeaver and ABAP platform | 6,5 | 11.06.2024 |
| IS-HER-CM-AD | 3457265 | [CVE-2024-34690] Missing Authorization check in SAP Student Life Cycle Management (SLcM) | 5,4 | 11.06.2024 |
| BC-GP | 3425571 | [CVE-2024-28164] Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) | 5,3 | 11.06.2024 |
| CA-WUI-UI | 3465129 | [CVE-2024-34686] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 6,1 | 11.06.2024 |
| FI-FIO-AR-PAY | 3466175 | [CVE-2024-34691] Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) | 6,5 | 11.06.2024 |
| EPM-BFC-TCL | 3457592 | [CVE-2024-37177] Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 8,1 | 11.06.2024 |
| FI-CF-INF | 2638217 | Switchable Authorization Checks in Central Finance Infrastructure Components | 3,9 | 28.05.2024 |
| BC-MID-AC | 3450286 | [CVE-2024-32733] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 6,1 | 28.05.2024 |
| BI-BIP-INV | 3449093 | [CVE-2024-33004] Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) | 4,3 | 14.05.2024 |
| CA-UI5-SC | 3446076 | [CVE-2024-33007] Client-side script execution vulnerability in SAP UI5(PDFViewer) | 3,5 | 14.05.2024 |
| BC-EIM-ESH | 3460772 | [CVE-2024-33002] Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) | 6,1 | 14.05.2024 |
| CEC-SCC-PLA-PL | 3455438 | [CVE-2019-17495] Multiple vulnerabilities in SAP CX Commerce | 9,8 | 14.05.2024 |
| FI-FIO-AR-PAY | 3434666 | [Multiple CVEs] Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | 4,3 | 14.05.2024 |
| BC-SRV-KPR-CMS | 3448171 | [CVE-2024-33006] File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 9,6 | 14.05.2024 |
| BI-BIP-INV | 3431794 | [CVE-2024-28165] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | 8,1 | 14.05.2024 |
| EHS-SAF-GLM | 1938764 | [CVE-2024-33009] SQL injection vulnerability in SAP Global Label Management (GLM) | 4,2 | 14.05.2024 |
| BC-SRV-GBT-GOS | 3448445 | [CVE-2024-34687] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform | 6,5 | 14.05.2024 |
| BC-SYB-REP | 3349468 | [CVE-2024-33008] Memory Corruption vulnerability in SAP Replication Server | 4,9 | 14.05.2024 |
| FI-TV-ODT-MTR | 3447467 | [CVE-2024-32731] Missing Authorization check in SAP My Travel Requests | 5,5 | 14.05.2024 |
| BC-XI-IBC | 2174651 | Potential information disclosure relating to PI Integration Directory | 4,3 | 14.05.2024 |
| BC-XI-IBD-INF | 2745860 | Information Disclosure in Enterprise Services Repository of SAP Process Integration | 5,3 | 14.05.2024 |
source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
