SAP© Security Advisories - 12 2023 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 15 and the highest CVSS score is 9.1.

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

_{Related note}
3392547

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49581] SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

_{Related note}
3394567

_CVSS
8.1

_{Affected system
type}
SAP Commerce

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-42481] Improper Access Control vulnerability in SAP Commerce Cloud

Security Advisory

_{Related note}
3399691

_CVSS
9.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Security Advisory

_{Related note}
3217087

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)

Security Advisory

_{Related note}
3363690

_CVSS
3.5

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance

Security Advisory

_{Related note}
3411067

_CVSS
9.1

_{Affected system
type}
BTP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries

Security Advisory

_{Related note}
3406786

_CVSS
4.3

_{Affected system
type}
SAP UI5

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49584] Client-Side Desynchronization vulnerability in SAP Fiori Launchpad

Security Advisory

_{Related note}
3395306

_CVSS
6.4

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49587] Command Injection vulnerability in SAP Solution Manager

Security Advisory

_{Related note}
3362463

_CVSS
3.5

_{Affected system
type}
SAP Cloud Connector

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49578] Denial of service (DOS) in SAP Cloud Connector

Security Advisory

_{Related note}
3159329

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
Denial of service (DoS) vulnerability in JSZip library bundled within SAPUI5

Security Advisory

_{Related note}
3385711

_CVSS
7.3

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-49580] Information disclosure vulnerability in SAP GUI for WIndows and SAP GUI for Java

Security Advisory

_{Related note}
3383321

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-42479] Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct

Security Advisory

_{Related note}
3406244

_CVSS
7.1

_{Affected system
type}
Android SDK

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID

Security Advisory

_{Related note}
3369353

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

Security Advisory

_{Related note}
3382353

_CVSS
7.5

_{Affected system
type}
BI/BO platform

_Patchday
2023-12

_{Released
on}
2023/12/12

Description
[CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

Notifications

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

Related note 3392547

CVSS 4.1

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3394567

CVSS 8.1

Affected system type SAP Commerce

Patchday2023-12

Released on2023/12/12

Related note 3399691

CVSS 9.1

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3217087

CVSS 6.1

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3363690

CVSS 3.5

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3411067

CVSS 9.1

Affected system type BTP

Patchday2023-12

Released on2023/12/12

Related note 3406786

CVSS 4.3

Affected system type SAP UI5

Patchday2023-12

Released on2023/12/12

Related note 3395306

CVSS 6.4

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3362463

CVSS 3.5

Affected system type SAP Cloud Connector

Patchday2023-12

Released on2023/12/12

Related note 3159329

CVSS 5.3

Affected system type ABAP

Patchday2023-12

Released on2023/12/12

Related note 3385711

CVSS 7.3

Affected system type SAP GUI / Frontend

Patchday2023-12

Released on2023/12/12

Related note 3383321

CVSS 6.1

Affected system type Java

Patchday2023-12

Released on2023/12/12

Related note 3406244

CVSS 7.1

Affected system type Android SDK

Patchday2023-12

Released on2023/12/12

Related note 3369353

CVSS 6.8

Affected system type BI/BO platform

Patchday2023-12

Released on2023/12/12

Related note 3382353

CVSS 7.5

Affected system type BI/BO platform

Patchday2023-12

Released on2023/12/12

_{Related note}
3392547

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3394567

_CVSS
8.1

_{Affected system
type}
SAP Commerce

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3399691

_CVSS
9.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3217087

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3363690

_CVSS
3.5

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3411067

_CVSS
9.1

_{Affected system
type}
BTP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3406786

_CVSS
4.3

_{Affected system
type}
SAP UI5

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3395306

_CVSS
6.4

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3362463

_CVSS
3.5

_{Affected system
type}
SAP Cloud Connector

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3159329

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3385711

_CVSS
7.3

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3383321

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3406244

_CVSS
7.1

_{Affected system
type}
Android SDK

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3369353

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2023-12

_{Released
on}
2023/12/12

_{Related note}
3382353

_CVSS
7.5

_{Affected system
type}
BI/BO platform

_Patchday
2023-12

_{Released
on}
2023/12/12