We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 18 and the highest CVSS score is 9.8.
Severity
SAP© Security advisories 18
System Types
Affected SAP© system types
Affected system
type
SAP Commerce
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce
Affected system
type
SAP Build Apps
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
Affected system
type
SAP Fiori
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work
Affected system
type
Java
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Affected system
type
SAP Commerce
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-39591] Missing Authorization check in SAP Document Builder
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)
Affected system
type
BI/BO platform
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
Affected system
type
SAP Fiori
Patchday
2024-08
Released
on
2024/07/23
Description
[CVE-2023-30533] Prototype Pollution in SAP S/4 HANA (Manage Supply Protection)
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
Affected system
type
Kernel / Web Dispatcher
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server.
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41732] Improper Access Control in SAP Netweaver Application Server ABAP
Affected system
type
BI/BO platform
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
Affected system
type
SAP Commerce Cloud
Patchday
2024-08
Released
on
2024/08/13
Description
[CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud
Affected system
type
Sybase platform
Patchday
2024-08
Released
on
2024/08/13
Description
[Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS)
Affected system
type
ABAP
Patchday
2024-08
Released
on
2024/08/27
Description
[CVE-2024-44121] Information Disclosure in SAP S/4 HANA (Statutory Reports)