SAP Security Notes Summary – November 2023
Traditionally once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-SYB-SQA | 2494184 | Cross-Site Request Forgery (CSRF) vulnerability in multiple SAP Sybase products | 6,3 | 14.11.2023 |
| SBO-CRO-SEC | 3355658 | [CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation | 9,6 | 14.11.2023 |
| BC-CST-IC | 3362849 | [CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 5,3 | 14.11.2023 |
| BC-JAS-SEC | 3366410 | [CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon | 5,3 | 14.11.2023 |
*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.