Security Advisories
We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
We have found 10 security advices for you to review.
Severity
SAP© Security advisories 10
System Types
Affected SAP© system types
Affected system
type
BI/BO platform
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-25646] Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence
Affected system
type
Java
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-27898] Server-Side Request Forgery in SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear)
Affected system
type
ABAP
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-30217] Missing Authorization check in SAP S/4 HANA (Cash Management)
Affected system
type
SAP Business Connector
Patchday
2024-04
Released
on
2024/04/09
Description
[Multiple CVEs] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Connector
Affected system
type
ABAP
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-27901] Directory Traversal vulnerability in SAP Asset Accounting
Affected system
type
SAP Edge Integration
Patchday
2024-04
Released
on
2024/04/09
Description
Stack overflow vulnerability on the component images of SAP Integration Suite (EDGE INTEGRATION CELL)
Affected system
type
ABAP
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-28167] Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)
Affected system
type
Kernel
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-30218] Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-30216] Missing Authorization check in SAP S/4 HANA (Cash Management)
Affected system
type
Java
Patchday
2024-04
Released
on
2024/04/09
Description
[CVE-2024-27899] Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine