Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 20 and the highest CVSS score is 9.8.

 

 Severity
SAP© Security advisories 20
 System Types
Affected SAP© system types

 

Related note
2335198
CVSS
2.8

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Security Advisory

 

Related note
3320145
CVSS
7.5

Affected system type
SAP Commerce
Patchday
2023-05
Released on
2023/05/09

Description
Denial of service (DOS) in SAP Commerce

Security Advisory

 

Related note
3326210
CVSS
7.1

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Security Advisory

 

Related note
3323415
CVSS
8.2

Affected system type
SAP Integrated...
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Security Advisory

 

Related note
3300624
CVSS
7.5

Affected system type
SAP PowerDesigner
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Security Advisory

 

Related note
3313484
CVSS
6.3

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Security Advisory

 

Related note
3312892
CVSS
5.4

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Security Advisory

 

Related note
3315979
CVSS
5.4

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Security Advisory

 

Related note
3315971
CVSS
6.1

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

 

Related note
3309935
CVSS
6.1

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Security Advisory

 

Related note
3302595
CVSS
3.7

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Security Advisory

 

Related note
3320467
CVSS
7.5

Affected system type
SAP GUI / Frontend
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Security Advisory

 

Related note
3038911
CVSS
5.0

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Security Advisory

 

Related note
3307833
CVSS
9.1

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Security Advisory

 

Related note
3321309
CVSS
7.5

Affected system type
SAP Commerce
Patchday
2023-05
Released on
2023/05/09

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Security Advisory

 

Related note
3328495
CVSS
9.8

Affected system type
Reprise License Manager
Patchday
2023-05
Released on
2023/05/09

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Security Advisory

 

Related note
3317453
CVSS
8.2

Affected system type
Java
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Security Advisory

 

Related note
3319400
CVSS
6.1

Affected system type
BI/BO platform
Patchday
2023-05
Released on
2023/05/09

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Security Advisory

 

Related note
1794761
CVSS
4.2

Affected system type
ABAP
Patchday
2023-05
Released on
2023/05/23

Description
[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

Security Advisory

 

Related note
3301942
CVSS
7.9

Affected system type
SAP Plant Connectivity
Patchday
2023-05
Released on
2023/05/23

Description
[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2024 by SecurityBridge GmbH

v34.1