SAP© Security Advisories - 02 2024 - Severity Medium

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 7 security advices for you to review.

Severity

SAP© Security advisories 7

System Types

Affected SAP© system types

_{Related note}
3360827

_CVSS
5.3

_{Affected system
type}
Kernel

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

Security Advisory

_{Related note}
3396109

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

Security Advisory

_{Related note}
3158455

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Security Advisory

_{Related note}
3237638

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-25643] Missing authorization check in SAP Fiori app ("My Overtime Requests")

Security Advisory

_{Related note}
2897391

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/01

Description
[CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material

Security Advisory

_{Related note}
3404025

_CVSS
5.4

_{Affected system
type}
SAP Enable Now

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion

Security Advisory

_{Related note}
2637727

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

Description
[CVE-2024-24739] Missing authorization check in SAP Bank Account Management

Security Advisory

Notifications

Severity

SAP© Security advisories 7

System Types

Affected SAP© system types

Related note 3360827

CVSS 5.3

Affected system type Kernel

Patchday2024-02

Released on2024/02/13

Related note 3396109

CVSS 4.7

Affected system type ABAP

Patchday2024-02

Released on2024/02/13

Related note 3158455

CVSS 4.1

Affected system type ABAP

Patchday2024-02

Released on2024/02/13

Related note 3237638

CVSS 4.3

Affected system type ABAP

Patchday2024-02

Released on2024/02/13

Related note 2897391

CVSS 4.3

Affected system type ABAP

Patchday2024-02

Released on2024/02/01

Related note 3404025

CVSS 5.4

Affected system type SAP Enable Now

Patchday2024-02

Released on2024/02/13

Related note 2637727

CVSS 6.3

Affected system type ABAP

Patchday2024-02

Released on2024/02/13

_{Related note}
3360827

_CVSS
5.3

_{Affected system
type}
Kernel

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3396109

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3158455

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
3237638

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
2897391

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/01

_{Related note}
3404025

_CVSS
5.4

_{Affected system
type}
SAP Enable Now

_Patchday
2024-02

_{Released
on}
2024/02/13

_{Related note}
2637727

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2024-02

_{Released
on}
2024/02/13