Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 13 and the highest CVSS score is 9.1.

 

 Severity
SAP© Security advisories 13
 System Types
Affected SAP© system types

 

Related note
3417627
CVSS
8.8

Affected system type
Java
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Security Advisory

 

Related note
3360827
CVSS
5.3

Affected system type
Kernel
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

Security Advisory

 

Related note
3421659
CVSS
7.4

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22132] Code Injection vulnerability in SAP IDES Systems

Security Advisory

 

Related note
3396109
CVSS
4.7

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

Security Advisory

 

Related note
3158455
CVSS
4.1

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

 

Related note
3237638
CVSS
4.3

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-25643] Missing authorization check in SAP Fiori app ("My Overtime Requests")

Security Advisory

 

Related note
3424610
CVSS
7.4

Affected system type
SAP Cloud Connector
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-25642] Improper Certificate Validation in SAP Cloud Connector

Security Advisory

 

Related note
3410875
CVSS
7.6

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22130] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

 

Related note
2897391
CVSS
4.3

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/01

Description
[CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material

Security Advisory

 

Related note
3420923
CVSS
9.1

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis)

Security Advisory

 

Related note
3426111
CVSS
8.6

Affected system type
Java
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-24743] XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

Security Advisory

 

Related note
3404025
CVSS
5.4

Affected system type
SAP Enable Now
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion

Security Advisory

 

Related note
2637727
CVSS
6.3

Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13

Description
[CVE-2024-24739] Missing authorization check in SAP Bank Account Management

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2024 by SecurityBridge GmbH

v34.3