We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 13 and the highest CVSS score is 9.1.

 

 Severity
SAP© Security advisories 13
 System Types
Affected SAP© system types

 

Related note
3471450
CVSS
5.3

Affected system type
SAP Commerce
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce

Security Advisory

 

Related note
3477196
CVSS
9.1

Affected system type
SAP Build Apps
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps

Security Advisory

 

Related note
3475427
CVSS
4.3

Affected system type
SAP Fiori
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work

Security Advisory

 

Related note
3485284
CVSS
8.2

Affected system type
Java
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service

Security Advisory

 

Related note
3494349
CVSS
4.3

Affected system type
ABAP
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

 

Related note
3483256
CVSS
5.4

Affected system type
SAP Commerce
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice

Security Advisory

 

Related note
3477423
CVSS
4.3

Affected system type
ABAP
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-39591] Missing Authorization check in SAP Document Builder

Security Advisory

 

Related note
3487537
CVSS
5.0

Affected system type
ABAP
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

Security Advisory

 

Related note
3433545
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Security Advisory

 

Related note
3423268
CVSS
7.8

Affected system type
SAP Fiori
Patchday
2024-08
Released on
2024/07/23

Description
[CVE-2023-30533] Prototype Pollution in SAP S/4 HANA (Manage Supply Protection)

Security Advisory

 

Related note
3474590
CVSS
6.5

Affected system type
ABAP
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

Security Advisory

 

Related note
3438085
CVSS
6.3

Affected system type
Kernel / Web Dispatcher
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server.

Security Advisory

 

Related note
3468102
CVSS
4.7

Affected system type
ABAP
Patchday
2024-08
Released on
2024/08/13

Description
[CVE-2024-41732] Improper Access Control in SAP Netweaver Application Server ABAP

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2024 by SecurityBridge GmbH

v35.0