SAP Security Patch Addresses Privilege Escalation Flaw


SAP is a leading enterprise software suite that integrates business functions such as:

  • Finance
  • Human resources
  • Supply chain management

The suite helps organizations to:

  • Streamline processes
  • Enhance efficiency
  • Make data-driven decisions

The German multinational software company SAP recently released security patches for vulnerabilities discovered in its products, including privilege escalation flaws.



SAP Security Patch

To protect the SAP landscape, SAP urged customers to visit the SAP Support Portal immediately and apply the newly released security patches.

SAP delivers these fixes on its regular SAP Security Patch Days, held on the second Tuesday of every month and synchronized with other major vendors.

The following security researchers contributed to this month's security patches:

  • Ahmed Hamza
  • Amin ACHOUR
  • Dzianis Skliar
  • Fabian Lupa
  • Ignacio Oliva
  • Yvan Genuer
  • Joris van de Vis
  • Barhaam
  • Wouter van der Houven

The following companies contributed to this month's security patches:

  • Onapsis Research Labs
  • SecurityBridge
  • TTG Cyber

Delivering reliable products and cloud services is SAP’s utmost commitment and priority. For data integrity and secure functioning, secure setup is a crucial element.

Vulnerabilities fixed in this patch release:

  • CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack, and SAP Web IDE for SAP HANA
  • CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
  • CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
  • CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
  • CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
  • CVE-2023-50423 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
  • CVE-2023-50424 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
  • CVE-2024-21737 (CVSS 8.4): Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
  • CVE-2023-44487 (CVSS 7.5): Denial of Service (DoS) in SAP Web Dispatcher, SAP NetWeaver Application Server ABAP, and ABAP Platform
  • CVE-2024-22125 (CVSS 7.4): Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
  • CVE-2024-21735 (CVSS 7.3): Improper Authorization check in SAP LT Replication Server
  • CVE-2024-21736 (CVSS 6.4): Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
  • CVE-2023-31405 (CVSS 5.3): Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
  • CVE-2024-21738 (CVSS 4.1): Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
  • CVE-2024-22124 (CVSS 4.1): Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
  • CVE-2024-21734 (CVSS 3.7): URL Redirection vulnerability in SAP Marketing (Contacts App)
