SAP Security Notes Summary – October 2023

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-JAS-ADM-MON | 3333426 | [CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application) | 6,5 | 26.10.2023 |
| BC-IAM-SSO-CCL | 3340576 | [CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib | 9,8 | 24.10.2023 |
| BI-RA-WBI-FE | 3372991 | [CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence | 6,8 | 10.10.2023 |
| FI-LOC-SRF-RUN | 3222121 | [CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting | 4,3 | 10.10.2023 |
| SBO-CRO-SEC | 3338380 | [CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i) | 4,3 | 10.10.2023 |
| BC-JAS-SEC | 3371873 | Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 10.10.2023 |
| BC-JAS-SEC | 3324732 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | 5,3 | 10.10.2023 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 10.10.2023 |
| BC-SYB-PD | 3357154 | [CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import) | 6,5 | 10.10.2023 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
