SAP© Security Advisories - 09 2024 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 15 security advices for you to review.

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

_{Related note}
3425287

_CVSS
5.8

_{Affected system
type}
SAP BusinessObjects...

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3497347

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA

Security Advisory

_{Related note}
3488341

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)

Security Advisory

_{Related note}
3477359

_CVSS
6.0

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)

Security Advisory

_{Related note}
3488039

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3505503

_CVSS
4.8

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)

Security Advisory

_{Related note}
3498221

_CVSS
4.7

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
2256627

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM)

Security Advisory

_{Related note}
3430336

_CVSS
5.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud

Security Advisory

_{Related note}
3507252

_CVSS
2.0

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3505293

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Security Advisory

_{Related note}
3481588

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)

Security Advisory

_{Related note}
3481992

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)

Security Advisory

_{Related note}
3496410

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3501359

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP(CRM Blueprint Application Builder Panel)

Security Advisory

Notifications

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

Related note 3425287

CVSS 5.8

Affected system type SAP BusinessObjects...

Patchday2024-09

Released on2024/09/10

Related note 3497347

CVSS 6.1

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3488341

CVSS 6.5

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3477359

CVSS 6.0

Affected system type JAVA

Patchday2024-09

Released on2024/09/10

Related note 3488039

CVSS 5.4

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3505503

CVSS 4.8

Affected system type JAVA

Patchday2024-09

Released on2024/09/10

Related note 3498221

CVSS 4.7

Affected system type JAVA

Patchday2024-09

Released on2024/09/10

Related note 2256627

CVSS 2.7

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3430336

CVSS 5.9

Affected system type SAP Commerce Cloud

Patchday2024-09

Released on2024/09/10

Related note 3507252

CVSS 2.0

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3505293

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3481588

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3481992

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3496410

CVSS 2.7

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3501359

CVSS 6.1

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

_{Related note}
3425287

_CVSS
5.8

_{Affected system
type}
SAP BusinessObjects...

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3497347

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3488341

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3477359

_CVSS
6.0

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3488039

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3505503

_CVSS
4.8

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3498221

_CVSS
4.7

_{Affected system
type}
JAVA

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
2256627

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3430336

_CVSS
5.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3507252

_CVSS
2.0

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3505293

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3481588

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3481992

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3496410

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3501359

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10