We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
We have found 14 security advices for you to review.
Severity
SAP© Security advisories 14
System Types
Affected SAP© system types
Affected system
type
SAP Landscape...
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
Affected system
type
SAP Enable Now
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
Affected system
type
SAP GUI
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-34689] Prerequisite for Security Note 3458789
Affected system
type
Java
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor
Affected system
type
SAP CRM UI
Patchday
2024-07
Released
on
2024/07/09
Description
[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
Affected system
type
SAP Enable Now
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-34689] Allowlisting of callback-URLs in SAP Business Workflow (WebFlow Services)
Affected system
type
SAP Commerce
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
Affected system
type
ABAP
Patchday
2024-07
Released
on
2024/07/09
Description
[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation