We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
We have found 15 security advices for you to review.
Severity
SAP© Security advisories 15
System Types
Affected SAP© system types
Affected system
type
SAP Enable Now
Patchday
2023-07
Released
on
2023/07/11
Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)
Affected system
type
BI/BO platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)
Affected system
type
Sybase platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
Affected system
type
BI/BO platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)