SAP Security Notes Summary – September 2024
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-JAS-SEC-LGN | 3505503 | [CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application) | 4,8 | 10.09.2024 |
BC-DWB-SEM | 3488039 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,4 | 10.09.2024 |
CA-GTF-PCF | 3501359 | [CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) | 6,1 | 10.09.2024 |
CEC-SCC-PLA-PL | 3430336 | [CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud | 5,9 | 10.09.2024 |
BC-ABA-LA | 3507252 | [CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 2,0 | 10.09.2024 |
IS-OIL-DS-TD | 3505293 | [CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) | 4,3 | 10.09.2024 |
BC-PIN-PCD | 3498221 | [CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 4,7 | 10.09.2024 |
IS-HER-CM | 2256627 | [CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM) | 2,7 | 10.09.2024 |
IS-OIL-PRA-REV-OW | 3488341 | [CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) | 6,5 | 10.09.2024 |
BW-BEX-ET-WB-7X | 3481992 | [CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) | 4,3 | 10.09.2024 |
BW-BEX-ET-WB-7X | 3481588 | [CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) | 4,3 | 10.09.2024 |
BC-JAS-SEC-DST | 3477359 | [CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) | 6,0 | 10.09.2024 |
BI-RA-WBI-BE | 3425287 | [CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform | 5,8 | 10.09.2024 |
MM-PUR-SSP | 3497347 | [CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA | 6,1 | 10.09.2024 |
BC-DWB-TOO-ABA | 3496410 | [CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 2,7 | 10.09.2024 |
BC-SYB-REP | 3495876 | [Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS) | 6,5 | 10.09.2024 |
CEC-COM-CPS-COR | 3459935 | [CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud | 7,4 | 10.09.2024 |
*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.