SAP Security Notes Summary – October 2024
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
PP-PI-MD-PRV | 3525971 | Other vulnerability in service UI_PRODUCTIONVERSION | 4,3 | 10.10.2024 |
BC-SRV-DX-DXW | 3454858 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,1 | 08.10.2024 |
BI-BIP-INV | 3479478 | [CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform | 9,8 | 08.10.2024 |
BC-SYB-REP | 3495876 | [Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS) | 6,5 | 08.10.2024 |
BI-RA-WBI-BE | 3478615 | [CVE-2024-37179] Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | 7,7 | 08.10.2024 |
CEC-SCC-CDM-BO-APP | 3507545 | [CVE-2024-45278] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | 5,4 | 08.10.2024 |
CA-EPC | 3523541 | [CVE-2022-23302] Multiple vulnerabilities in SAP Enterprise Project Connection | 8,0 | 08.10.2024 |
HAN-DB-CLI | 3520100 | [CVE-2024-45277] Prototype Pollution vulnerability in SAP HANA Client | 4,3 | 08.10.2024 |
BC-JAS-SEC-DST | 3477359 | [CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) | 6,0 | 08.10.2024 |
EP-KM-ADM-CFG | 3503462 | [CVE-2024-47594] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) | 5,4 | 08.10.2024 |
*The Common Vulnerability Scoring System (CVSS) captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.