We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
We have found 21 security advices for you to review.
Severity
SAP© Security advisories 21
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation
Affected system
type
BI/BO platform
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
SAP Host Agent
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)
Affected system
type
BI/BO platform
Patchday
2023-02
Released
on
2023/02/14
Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)