Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 10 and the highest CVSS score is 9.1.

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

_{Related note}
3413475

_CVSS
9.1

_{Affected system
type}
SAP Edge Integration

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell

Security Advisory

_{Related note}
3411869

_CVSS
8.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21737] Code Injection vulnerability in SAP Application Interface Framework (File Adapter)

Security Advisory

_{Related note}
3260667

_CVSS
6.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21736] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

Security Advisory

_{Related note}
3392626

_CVSS
4.1

_{Affected system
type}
Kernel / Web Dispatcher

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-22124] Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager

Security Advisory

_{Related note}
3407617

_CVSS
7.3

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21735] Improper Authorization check in SAP LT Replication Server

Security Advisory

_{Related note}
3387737

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21738] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

Security Advisory

_{Related note}
3190894

_CVSS
3.7

_{Affected system
type}
SAP Marketing

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-21734] URL Redirection vulnerability in SAP Marketing (Contacts App)

Security Advisory

_{Related note}
3412456

_CVSS
9.1

_{Affected system
type}
BTP

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA

Security Advisory

_{Related note}
3389917

_CVSS
7.5

_{Affected system
type}
Kernel

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2023-44487] Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform

Security Advisory

_{Related note}
3386378

_CVSS
7.4

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2024-01

_{Released
on}
2024/01/09

Description
[CVE-2024-22125] Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

Related note 3413475

CVSS 9.1

Affected system type SAP Edge Integration

Patchday2024-01

Released on2024/01/09

Related note 3411869

CVSS 8.4

Affected system type ABAP

Patchday2024-01

Released on2024/01/09

Related note 3260667

CVSS 6.4

Affected system type ABAP

Patchday2024-01

Released on2024/01/09

Related note 3392626

CVSS 4.1

Affected system type Kernel / Web Dispatcher

Patchday2024-01

Released on2024/01/09

Related note 3407617

CVSS 7.3

Affected system type ABAP

Patchday2024-01

Released on2024/01/09

Related note 3387737

CVSS 4.1

Affected system type ABAP

Patchday2024-01

Released on2024/01/09

Related note 3190894

CVSS 3.7

Affected system type SAP Marketing

Patchday2024-01

Released on2024/01/09

Related note 3412456

CVSS 9.1

Affected system type BTP

Patchday2024-01

Released on2024/01/09

Related note 3389917

CVSS 7.5

Affected system type Kernel

Patchday2024-01

Released on2024/01/09

Related note 3386378

CVSS 7.4

Affected system type SAP GUI / Frontend

Patchday2024-01

Released on2024/01/09

_{Related note}
3413475

_CVSS
9.1

_{Affected system
type}
SAP Edge Integration

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3411869

_CVSS
8.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3260667

_CVSS
6.4

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3392626

_CVSS
4.1

_{Affected system
type}
Kernel / Web Dispatcher

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3407617

_CVSS
7.3

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3387737

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3190894

_CVSS
3.7

_{Affected system
type}
SAP Marketing

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3412456

_CVSS
9.1

_{Affected system
type}
BTP

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3389917

_CVSS
7.5

_{Affected system
type}
Kernel

_Patchday
2024-01

_{Released
on}
2024/01/09

_{Related note}
3386378

_CVSS
7.4

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2024-01

_{Released
on}
2024/01/09