SAP Security Notes Summary – September 2024

Traditionally, once a month I'll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-JAS-SEC-LGN | 3505503 | [CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application) | 4,8 | 10.09.2024 |
| BC-DWB-SEM | 3488039 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,4 | 10.09.2024 |
| CA-GTF-PCF | 3501359 | [CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) | 6,1 | 10.09.2024 |
| CEC-SCC-PLA-PL | 3430336 | [CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud | 5,9 | 10.09.2024 |
| BC-ABA-LA | 3507252 | [CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 2,0 | 10.09.2024 |
| IS-OIL-DS-TD | 3505293 | [CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) | 4,3 | 10.09.2024 |
| BC-PIN-PCD | 3498221 | [CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 4,7 | 10.09.2024 |
| IS-HER-CM | 2256627 | [CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM) | 2,7 | 10.09.2024 |
| IS-OIL-PRA-REV-OW | 3488341 | [CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) | 6,5 | 10.09.2024 |
| BW-BEX-ET-WB-7X | 3481992 | [CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) | 4,3 | 10.09.2024 |
| BW-BEX-ET-WB-7X | 3481588 | [CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) | 4,3 | 10.09.2024 |
| BC-JAS-SEC-DST | 3477359 | [CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) | 6,0 | 10.09.2024 |
| BI-RA-WBI-BE | 3425287 | [CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform | 5,8 | 10.09.2024 |
| MM-PUR-SSP | 3497347 | [CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA | 6,1 | 10.09.2024 |
| BC-DWB-TOO-ABA | 3496410 | [CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 2,7 | 10.09.2024 |
| BC-SYB-REP | 3495876 | [Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS) | 6,5 | 10.09.2024 |
| CEC-COM-CPS-COR | 3459935 | [CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud | 7,4 | 10.09.2024 |

source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
