SAP© Security Advisories - 12 2024 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 13 and the highest CVSS score is 9.1.

Severity

SAP© Security advisories 13

System Types

Affected SAP© system types

_{Related note}
3351041

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-47582] XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA

Security Advisory

_{Related note}
3520281

_CVSS
8.8

_{Affected system
type}
SAP Web Dispatcher

_Patchday
2024-12

_{Released
on}
2024/11/12

Description
[CVE-2024-47590] Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher

Security Advisory

_{Related note}
3536965

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-47578] Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)

Security Advisory

_{Related note}
3469791

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-54198] Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3515653

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
Update 1 to Security Note 3433545: [CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3433545

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/08/13

Description
[CVE-2024-42375] Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3504390

_CVSS
7.5

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/11/12

Description
[CVE-2024-47586] NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3504847

_CVSS
3.3

_{Affected system
type}
SAP Product Lifecycle Costing

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-47576] DLL Hijacking vulnerability in SAP Product Lifecycle Costing

Security Advisory

_{Related note}
3535451

_CVSS
2.7

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-47577] Information Disclosure vulnerability in SAP Commerce Cloud

Security Advisory

_{Related note}
3524933

_CVSS
5.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-32732] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Security Advisory

_{Related note}
3536361

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-47585] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3542543

_CVSS
7.2

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

Description
[CVE-2024-54197] Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)

Security Advisory

_{Related note}
3522332

_CVSS
4.2

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/11/26

Description
[CVE-2024-47581] Missing Authorization check in SAP HCM (Approve Timesheets version 4)

Security Advisory

Notifications

Severity

SAP© Security advisories 13

System Types

Affected SAP© system types

Related note 3351041

CVSS 5.3

Affected system type Java

Patchday2024-12

Released on2024/12/10

Related note 3520281

CVSS 8.8

Affected system type SAP Web Dispatcher

Patchday2024-12

Released on2024/11/12

Related note 3536965

CVSS 9.1

Affected system type Java

Patchday2024-12

Released on2024/12/10

Related note 3469791

CVSS 8.5

Affected system type ABAP

Patchday2024-12

Released on2024/12/10

Related note 3515653

CVSS 4.3

Affected system type BI/BO platform

Patchday2024-12

Released on2024/12/10

Related note 3433545

CVSS 4.3

Affected system type BI/BO platform

Patchday2024-12

Released on2024/08/13

Related note 3504390

CVSS 7.5

Affected system type ABAP

Patchday2024-12

Released on2024/11/12

Related note 3504847

CVSS 3.3

Affected system type SAP Product Lifecycle Costing

Patchday2024-12

Released on2024/12/10

Related note 3535451

CVSS 2.7

Affected system type SAP Commerce Cloud

Patchday2024-12

Released on2024/12/10

Related note 3524933

CVSS 5.3

Affected system type BI/BO platform

Patchday2024-12

Released on2024/12/10

Related note 3536361

CVSS 4.3

Affected system type ABAP

Patchday2024-12

Released on2024/12/10

Related note 3542543

CVSS 7.2

Affected system type Java

Patchday2024-12

Released on2024/12/10

Related note 3522332

CVSS 4.2

Affected system type ABAP

Patchday2024-12

Released on2024/11/26

_{Related note}
3351041

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3520281

_CVSS
8.8

_{Affected system
type}
SAP Web Dispatcher

_Patchday
2024-12

_{Released
on}
2024/11/12

_{Related note}
3536965

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3469791

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3515653

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3433545

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/08/13

_{Related note}
3504390

_CVSS
7.5

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/11/12

_{Related note}
3504847

_CVSS
3.3

_{Affected system
type}
SAP Product Lifecycle Costing

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3535451

_CVSS
2.7

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3524933

_CVSS
5.3

_{Affected system
type}
BI/BO platform

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3536361

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3542543

_CVSS
7.2

_{Affected system
type}
Java

_Patchday
2024-12

_{Released
on}
2024/12/10

_{Related note}
3522332

_CVSS
4.2

_{Affected system
type}
ABAP

_Patchday
2024-12

_{Released
on}
2024/11/26