SAP Security Notes Summary – November 2024

Traditionally once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP ComponentNumberTitleCVSS Score Released On
PA-FIO-TS3522332[CVE-2024-47581] Missing Authorization check in SAP HCM (Approve Timesheets version 4)4,326.11.2024
BC-UPG-TLS-TLJ3522953[CVE-2024-47588] Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)4,712.11.2024
BC-FES-WGU3508947[CVE-2024-47593] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform4,312.11.2024
FIN-BA3483344[CVE-2024-39592] Missing Authorization check in SAP PDCE7,712.11.2024
BC-JAS-SEC3393899[CVE-2024-47592] Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)5,312.11.2024
BC-CCM-HAG3509619[CVE-2024-47595] Local Privilege Escalation in SAP Host Agent6,312.11.2024
FIN-FSCM-CLM-COP3498470[CVE-2024-47587] Missing authorization check in SAP Cash Management (Cash Operations)3,512.11.2024
BC-CCM-SLD3335394[CVE-2024-42372] Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory)6,512.11.2024
FIN-FSCM-CLM-BAM3392049[CVE-2024-33000] Missing Authorization check in SAP Bank Account Management3,512.11.2024

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2025. SAPBasisWorld.com Privacy Policy