Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 33 and the highest CVSS score is 9.4.

Severity

SAP© Security advisories 33

System Types

Affected SAP© system types

_{Related note}
3425682

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-25644] Information Disclosure vulnerability in SAP NetWeaver (WSRM)

Security Advisory

_{Related note}
3414195

_CVSS
7.2

_{Affected system
type}
BI/BO platform

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2023-50164] Path Traversal Vulnerability in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Security Advisory

_{Related note}
3377979

_CVSS
5.4

_{Affected system
type}
Kernel

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-27902] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP, applications based on SAPGUI for HTML (WebGUI)

Security Advisory

_{Related note}
3428847

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-25645] Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal)

Security Advisory

_{Related note}
3434192

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-28163] Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)

Security Advisory

_{Related note}
3419022

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-27900]Missing Authorization check in SAP ABAP Platform

Security Advisory

_{Related note}
3417399

_CVSS
4.6

_{Affected system
type}
ABAP

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-22133] Improper Access Control in SAP Fiori Front End Server

Security Advisory

_{Related note}
3433192

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2024-22127] Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)

Security Advisory

_{Related note}
3410615

_CVSS
7.5

_{Affected system
type}
HANA platform

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2023-44487 ] Denial of service (DOS) in SAP HANA XS Classic and HANA XS Advanced

Security Advisory

_{Related note}
3425274

_CVSS
9.4

_{Affected system
type}
SAP Build Apps

_Patchday
2024-03

_{Released
on}
2024/03/12

Description
[CVE-2019-10744] Code Injection vulnerability in applications built with SAP Build Apps

Security Advisory

_{Related note}
3426111

_CVSS
8.6

_{Affected system
type}
Java

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24743] XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

Security Advisory

_{Related note}
3404025

_CVSS
5.4

_{Affected system
type}
SAP Enable Now

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion

Security Advisory

_{Related note}
2637727

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24739] Missing authorization check in SAP Bank Account Management

Security Advisory

_{Related note}
3424610

_CVSS
7.4

_{Affected system
type}
SAP Cloud Connector

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-25642] Improper Certificate Validation in SAP Cloud Connector

Security Advisory

_{Related note}
3417627

_CVSS
8.8

_{Affected system
type}
Java

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Security Advisory

_{Related note}
3360827

_CVSS
5.3

_{Affected system
type}
Kernel

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

Security Advisory

_{Related note}
3421659

_CVSS
7.4

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22132] Code Injection vulnerability in SAP IDES Systems

Security Advisory

_{Related note}
3396109

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

Security Advisory

_{Related note}
3158455

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

_{Related note}
3237638

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-25643] Missing authorization check in SAP Fiori app ("My Overtime Requests")

Security Advisory

_{Related note}
3410875

_CVSS
7.6

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22130] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

_{Related note}
2897391

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/01

Description
[CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material

Security Advisory

_{Related note}
3420923

_CVSS
9.1

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis)

Security Advisory

_{Related note}
3413475

_CVSS
9.1

_{Affected system
type}
SAP Edge Integration

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell

Security Advisory

_{Related note}
3386378

_CVSS
7.4

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-22125] Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)

Security Advisory

_{Related note}
3389917

_CVSS
7.5

_{Affected system
type}
Kernel

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2023-44487] Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform

Security Advisory

_{Related note}
3412456

_CVSS
9.1

_{Affected system
type}
BTP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA

Security Advisory

_{Related note}
3190894

_CVSS
3.7

_{Affected system
type}
SAP Marketing

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21734] URL Redirection vulnerability in SAP Marketing (Contacts App)

Security Advisory

_{Related note}
3387737

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21738] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

Security Advisory

_{Related note}
3407617

_CVSS
7.3

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21735] Improper Authorization check in SAP LT Replication Server

Security Advisory

_{Related note}
3392626

_CVSS
4.1

_{Affected system
type}
Kernel / Web Dispatcher

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-22124] Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager

Security Advisory

_{Related note}
3260667

_CVSS
6.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21736] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

Security Advisory

_{Related note}
3411869

_CVSS
8.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21737] Code Injection vulnerability in SAP Application Interface Framework (File Adapter)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 33

System Types

Affected SAP© system types

Related note 3425682

CVSS 5.3

Affected system type Java

Patchday2024-03

Released on2024/03/12

Related note 3414195

CVSS 7.2

Affected system type BI/BO platform

Patchday2024-03

Released on2024/03/12

Related note 3377979

CVSS 5.4

Affected system type Kernel

Patchday2024-03

Released on2024/03/12

Related note 3428847

CVSS 5.3

Affected system type Java

Patchday2024-03

Released on2024/03/12

Related note 3434192

CVSS 5.3

Affected system type Java

Patchday2024-03

Released on2024/03/12

Related note 3419022

CVSS 4.3

Affected system type ABAP

Patchday2024-03

Released on2024/03/12

Related note 3417399

CVSS 4.6

Affected system type ABAP

Patchday2024-03

Released on2024/03/12

Related note 3433192

CVSS 9.1

Affected system type Java

Patchday2024-03

Released on2024/03/12

Related note 3410615

CVSS 7.5

Affected system type HANA platform

Patchday2024-03

Released on2024/03/12

Related note 3425274

CVSS 9.4

Affected system type SAP Build Apps

Patchday2024-03

Released on2024/03/12

Related note 3426111

CVSS 8.6

Affected system type Java

Patchday2024-02

Released on2024/02/13

Related note 3404025

CVSS 5.4

Affected system type SAP Enable Now

Patchday2024-02

Released on2024/02/13

Related note 2637727

CVSS 6.3

Affected system type ABAP

Patchday2024-02

Released on2024/02/13

Related note 3424610

CVSS 7.4

Affected system type SAP Cloud Connector

Patchday2024-02

Released on2024/02/13

Related note 3417627

CVSS 8.8

Affected system type Java

Patchday2024-02

_{Related note}
3425682

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3414195

_CVSS
7.2

_{Affected system
type}
BI/BO platform

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3377979

_CVSS
5.4

_{Affected system
type}
Kernel

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3428847

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3434192

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3419022

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3417399

_CVSS
4.6

_{Affected system
type}
ABAP

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3433192

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3410615

_CVSS
7.5

_{Affected system
type}
HANA platform

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3425274

_CVSS
9.4

_{Affected system
type}
SAP Build Apps

_Patchday
2024-03

_{Released
on}
2024/03/12

_{Related note}
3426111

_CVSS
8.6

_{Affected system
type}
Java

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3404025

_CVSS
5.4

_{Affected system
type}
SAP Enable Now

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
2637727

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3424610

_CVSS
7.4

_{Affected system
type}
SAP Cloud Connector

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3417627

_CVSS
8.8

_{Affected system
type}
Java

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3360827

_CVSS
5.3

_{Affected system
type}
Kernel

_Patchday
2024-02

_{Released
on}
2024/02/13