SAP© Security Advisories - 10 2023 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 6 security advices for you to review.

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

_{Related note}
3333426

_CVSS
6.5

_{Affected system
type}
Java

_Patchday
2023-10

_{Released
on}
2023/10/26

Description
[CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)

Security Advisory

_{Related note}
3222121

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2023-10

_{Released
on}
2023/10/10

Description
[CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting

Security Advisory

_{Related note}
3357154

_CVSS
6.5

_{Affected system
type}
SAP PowerDesigner

_Patchday
2023-10

_{Released
on}
2023/10/10

Description
[CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import)

Security Advisory

_{Related note}
3371873

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2023-10

_{Released
on}
2023/10/10

Description
Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Security Advisory

_{Related note}
3338380

_CVSS
4.3

_{Affected system
type}
SAP Business One

_Patchday
2023-10

_{Released
on}
2023/10/10

Description
[CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i)

Security Advisory

_{Related note}
3372991

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2023-10

_{Released
on}
2023/10/10

Description
[CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence

Security Advisory

Notifications

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

Related note 3333426

CVSS 6.5

Affected system type Java

Patchday2023-10

Released on2023/10/26

Related note 3222121

CVSS 4.3

Affected system type ABAP

Patchday2023-10

Released on2023/10/10

Related note 3357154

CVSS 6.5

Affected system type SAP PowerDesigner

Patchday2023-10

Released on2023/10/10

Related note 3371873

CVSS 5.3

Affected system type Java

Patchday2023-10

Released on2023/10/10

Related note 3338380

CVSS 4.3

Affected system type SAP Business One

Patchday2023-10

Released on2023/10/10

Related note 3372991

CVSS 6.8

Affected system type BI/BO platform

Patchday2023-10

Released on2023/10/10

_{Related note}
3333426

_CVSS
6.5

_{Affected system
type}
Java

_Patchday
2023-10

_{Released
on}
2023/10/26

_{Related note}
3222121

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2023-10

_{Released
on}
2023/10/10

_{Related note}
3357154

_CVSS
6.5

_{Affected system
type}
SAP PowerDesigner

_Patchday
2023-10

_{Released
on}
2023/10/10

_{Related note}
3371873

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2023-10

_{Released
on}
2023/10/10

_{Related note}
3338380

_CVSS
4.3

_{Affected system
type}
SAP Business One

_Patchday
2023-10

_{Released
on}
2023/10/10

_{Related note}
3372991

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2023-10

_{Released
on}
2023/10/10