Security Advisories  

We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
We have found 21 security advisories for you to review.

 


 

Related note
3265846
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

 

Related note
3287291
CVSS
3.8

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3281724
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

 

Related note
3266751
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

 

Related note
3275841
CVSS
5.4

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

 

Related note
3263863
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

 

Related note
3274585
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

 

Related note
3290901
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

 

Related note
3270509
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

 

Related note
2788178
CVSS
4.3

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

 

Related note
3268959
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3263135
CVSS
8.5

Affected system type
BI/BO platform
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

 

Related note
2985905
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

 

Related note
3282663
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

 

Related note
3267442
CVSS
6.5

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

 

Related note
3269151
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

 

Related note
3269118
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

 

Related note
3293786
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3271227
CVSS
6.1

Affected system type
ABAP
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3285757
CVSS
8.8

Affected system type
SAP Host Agent
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

 

Related note
3256787
CVSS
8.4

Affected system type
BI/BO platform
Patchday
2023-02
Released on
2023/02/14

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

 

 

SecurityBridge helps prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses make their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH
