Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Hey there! Glad you made it.
We have found 15 security advices for you to review.

 

 Severity
SAP© Security advisories 15
 System Types
Affected SAP© system types

 

Related note
3326769
CVSS
6.1

Affected system type
SAP Enable Now
Patchday
2023-07
Released on
2023/07/11

Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now

 

Related note
3352058
CVSS
7.2

Affected system type
Java
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)

 

Related note
3318850
CVSS
6.0

Affected system type
Kernel
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3348145
CVSS
7.2

Affected system type
Java
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)

 

Related note
3320702
CVSS
5.9

Affected system type
BI/BO platform
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform

 

Related note
3351410
CVSS
4.9

Affected system type
ABAP
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security

 

Related note
3343564
CVSS
6.5

Affected system type
Java
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

 

Related note
3331029
CVSS
7.8

Affected system type
Sybase platform
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere

 

Related note
3341211
CVSS
6.3

Affected system type
ABAP
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

 

Related note
3324732
CVSS
5.3

Affected system type
Java
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

 

Related note
3340735
CVSS
7.7

Affected system type
Kernel
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher

 

Related note
3088078
CVSS
4.5

Affected system type
BI/BO platform
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

 

Related note
3343547
CVSS
6.5

Affected system type
Java
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)

 

Related note
3331376
CVSS
8.7

Affected system type
ABAP
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

 

Related note
3233899
CVSS
8.6

Affected system type
Kernel
Patchday
2023-07
Released on
2023/07/11

Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH

v32.1