SAP Security Notes Summary – October 2023
Traditionally, once a month I publish a review of all SAP security notes and news released in the given month. SAP Security Notes contain SAP's expert advice on important action items and patches to keep your systems secure.
| SAP Component | Number | Title | CVSS Score* | Released On |
|---|---|---|---|---|
| BC-JAS-ADM-MON | 3333426 | [CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application) | 6.5 | 26.10.2023 |
| BC-IAM-SSO-CCL | 3340576 | [CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib | 9.8 | 24.10.2023 |
| BI-RA-WBI-FE | 3372991 | [CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence | 6.8 | 10.10.2023 |
| FI-LOC-SRF-RUN | 3222121 | [CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting | 4.3 | 10.10.2023 |
| SBO-CRO-SEC | 3338380 | [CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i) | 4.3 | 10.10.2023 |
| BC-JAS-SEC | 3371873 | Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5.3 | 10.10.2023 |
| BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5.3 | 10.10.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10.0 | 10.10.2023 |
| BC-SYB-PD | 3357154 | [CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import) | 6.5 | 10.10.2023 |
*CVSS scores capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative rating (such as low, medium, high or critical) to help organizations assess and prioritize their vulnerability management processes.