Security Advisories  

We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 19 and the highest CVSS score is 9.9.

 


 

Related note
3294595
CVSS
9.6

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3289844
CVSS
6.8

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

 

Related note
3294954
CVSS
8.7

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3245526
CVSS
9.9

Affected system type
BI/BO platform
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

 

Related note
3283438
CVSS
9.0

Affected system type
BI/BO platform
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

 

Related note
3284550
CVSS
6.8

Affected system type
Java
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

 

Related note
3296476
CVSS
8.8

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

 

Related note
3302710
CVSS
6.1

Affected system type
SAP Authenticator for Android
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

 

Related note
3275727
CVSS
7.2

Affected system type
SAP Host Agent
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

 

Related note
3296328
CVSS
6.5

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3281484
CVSS
6.1

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

 

Related note
3288480
CVSS
5.3

Affected system type
Java
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

 

Related note
3288096
CVSS
5.3

Affected system type
Java
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

 

Related note
3302162
CVSS
9.6

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3252433
CVSS
9.9

Affected system type
Java
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

 

Related note
3296346
CVSS
7.4

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3287120
CVSS
6.5

Affected system type
BI/BO platform
Patchday
2023-03
Released on
2023/03/14

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

 

Related note
3274920
CVSS
6.1

Affected system type
ABAP
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

 

Related note
3288394
CVSS
5.3

Affected system type
Java
Patchday
2023-03
Released on
2023/03/14

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

 

 

SecurityBridge helps prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses make their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH
