SAP Security Notes Summary – November 2024
Traditionally, once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score* | Released On |
---|---|---|---|---|
PA-FIO-TS | 3522332 | [CVE-2024-47581] Missing Authorization check in SAP HCM (Approve Timesheets version 4) | 4,3 | 26.11.2024 |
BC-UPG-TLS-TLJ | 3522953 | [CVE-2024-47588] Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager) | 4,7 | 12.11.2024 |
BC-FES-WGU | 3508947 | [CVE-2024-47593] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 12.11.2024 |
FIN-BA | 3483344 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | 7,7 | 12.11.2024 |
BC-JAS-SEC | 3393899 | [CVE-2024-47592] Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application) | 5,3 | 12.11.2024 |
BC-CCM-HAG | 3509619 | [CVE-2024-47595] Local Privilege Escalation in SAP Host Agent | 6,3 | 12.11.2024 |
FIN-FSCM-CLM-COP | 3498470 | [CVE-2024-47587] Missing authorization check in SAP Cash Management (Cash Operations) | 3,5 | 12.11.2024 |
BC-CCM-SLD | 3335394 | [CVE-2024-42372] Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) | 6,5 | 12.11.2024 |
FIN-FSCM-CLM-BAM | 3392049 | [CVE-2024-33000] Missing Authorization check in SAP Bank Account Management | 3,5 | 12.11.2024 |
*The Common Vulnerability Scoring System (CVSS) captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.