Security Advisories
We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
We have found 15 security advices for you to review.
Severity
SAP© Security advisories 15
System Types
Affected SAP© system types
Affected system
type
SAP Enable Now
Patchday
2023-07
Released
on
2023/07/11
Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)
Affected system
type
BI/BO platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)
Affected system
type
Sybase platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher
Affected system
type
Kernel
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
Affected system
type
BI/BO platform
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
Affected system
type
Java
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)
Affected system
type
ABAP
Patchday
2023-07
Released
on
2023/07/11
Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)