We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 9.9.
Severity
SAP© Security advisories 14
System Types
Affected SAP© system types
Affected system
type
SAP GUI / Frontend
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java
Affected system
type
SAP GUI / Frontend
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows
Affected system
type
ABAP
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
Java
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java
Affected system
type
SAPSetup
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup
Affected system
type
ABAP
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow
Affected system
type
BI/BO platform
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
Affected system
type
BI/BO platform
Patchday
2025-01
Released
on
2025/01/14
Description
Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise)
Affected system
type
Kernel
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
Affected system
type
ABAP
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Framework)
Affected system
type
SAP GUI / Frontend
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
Affected system
type
Java
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
Affected system
type
ABAP
Patchday
2025-01
Released
on
2025/01/14
Description
[CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform