We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

We have found 20 security advisories for you to review.

 


 

Related note
3483344
CVSS
7.7

Affected system type
ABAP
Patchday
2024-09
Released on
2024/07/09

Description
[CVE-2024-39592] Missing Authorization check in SAP PDCE

 

Related note
3425287
CVSS
5.8

Affected system type
BI/BO platform
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform

 

Related note
3488341
CVSS
6.5

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)

 

Related note
3497347
CVSS
6.1

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA

 

Related note
3488039
CVSS
5.4

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3505503
CVSS
4.8

Affected system type
Java
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)

 

Related note
3430336
CVSS
5.9

Affected system type
SAP Commerce Cloud
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud

 

Related note
3507252
CVSS
2.0

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3505293
CVSS
4.3

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

 

Related note
3501359
CVSS
6.1

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)

 

Related note
3498221
CVSS
4.7

Affected system type
Java
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

 

Related note
2256627
CVSS
2.7

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM)

 

Related note
3481992
CVSS
4.3

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)

 

Related note
3496410
CVSS
2.7

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3495876
CVSS
6.5

Affected system type
Sybase platform
Patchday
2024-09
Released on
2024/08/13

Description
[Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS)

 

Related note
3459935
CVSS
7.4

Affected system type
SAP Commerce Cloud
Patchday
2024-09
Released on
2024/08/13

Description
[CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud

 

Related note
3437585
CVSS
4.3

Affected system type
ABAP
Patchday
2024-09
Released on
2024/08/27

Description
[CVE-2024-44121] Information Disclosure in SAP S/4 HANA (Statutory Reports)

 

Related note
3481588
CVSS
4.3

Affected system type
ABAP
Patchday
2024-09
Released on
2024/09/10

Description
[CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)

 

Related note
3251893
CVSS
4.3

Affected system type
SAP S/4 HANA
Patchday
2024-09
Released on
2024/09/24

Description
[CVE-2024-45282] HTTP Verb Tampering in SAP S/4 HANA (Manage Bank Statements)

 

Related note
3479293
CVSS
4.3

Affected system type
ABAP
Patchday
2024-09
Released on
2024/08/13

Description
[CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM)

 

 

SecurityBridge helps prioritize SAP patches, updates, and the remediation strategies essential to preventing the disruption of vital business systems. We help businesses make their SAP systems more secure.


© Copyright 2024 by SecurityBridge GmbH
