SAP© Security Advisories - 09 2024 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 15 security advices for you to review.

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

_{Related note}
3425287

_CVSS
5.8

_{Affected system
type}
BI/BO platform

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3488341

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)

Security Advisory

_{Related note}
3497347

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA

Security Advisory

_{Related note}
3488039

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3505503

_CVSS
4.8

_{Affected system
type}
Java

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)

Security Advisory

_{Related note}
3430336

_CVSS
5.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud

Security Advisory

_{Related note}
3507252

_CVSS
2.0

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3505293

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Security Advisory

_{Related note}
3501359

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP(CRM Blueprint Application Builder Panel)

Security Advisory

_{Related note}
3498221

_CVSS
4.7

_{Affected system
type}
Java

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
2256627

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM)

Security Advisory

_{Related note}
3481992

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)

Security Advisory

_{Related note}
3496410

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

Description
[CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3459935

_CVSS
7.4

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/08/13

Description
[CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud

Security Advisory

_{Related note}
3437585

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/08/27

Description
[CVE-2024-44121] Information Disclosure in SAP S/4 HANA (Statutory Reports)

Security Advisory

Notifications

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

Related note 3425287

CVSS 5.8

Affected system type BI/BO platform

Patchday2024-09

Released on2024/09/10

Related note 3488341

CVSS 6.5

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3497347

CVSS 6.1

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3488039

CVSS 5.4

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3505503

CVSS 4.8

Affected system type Java

Patchday2024-09

Released on2024/09/10

Related note 3430336

CVSS 5.9

Affected system type SAP Commerce Cloud

Patchday2024-09

Released on2024/09/10

Related note 3507252

CVSS 2.0

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3505293

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3501359

CVSS 6.1

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3498221

CVSS 4.7

Affected system type Java

Patchday2024-09

Released on2024/09/10

Related note 2256627

CVSS 2.7

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3481992

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3496410

CVSS 2.7

Affected system type ABAP

Patchday2024-09

Released on2024/09/10

Related note 3459935

CVSS 7.4

Affected system type SAP Commerce Cloud

Patchday2024-09

Released on2024/08/13

Related note 3437585

CVSS 4.3

Affected system type ABAP

Patchday2024-09

Released on2024/08/27

_{Related note}
3425287

_CVSS
5.8

_{Affected system
type}
BI/BO platform

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3488341

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3497347

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3488039

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3505503

_CVSS
4.8

_{Affected system
type}
Java

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3430336

_CVSS
5.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3507252

_CVSS
2.0

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3505293

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3501359

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3498221

_CVSS
4.7

_{Affected system
type}
Java

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
2256627

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3481992

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3496410

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/09/10

_{Related note}
3459935

_CVSS
7.4

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-09

_{Released
on}
2024/08/13

_{Related note}
3437585

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-09

_{Released
on}
2024/08/27