[Action required] SAP Security Patch Day - May 
Advisory

SAP patches released on SAP Security Patch Day, May 9th, 2023

 

The SAP Security Patch Day of May 2023 included patches for various SAP components, with SAP BusinessObjects as a focus area. The May release addresses vulnerabilities ranging from information disclosure and cross-site scripting (XSS) to privilege escalation and denial of service (DoS) attacks.

One of the vulnerabilities addressed was a high priority issue with a CVSS score of 9.8 in the Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager. This vulnerability could allow an attacker to execute arbitrary code and potentially take control of affected systems.

Another high priority vulnerability with a CVSS score of 8.2 was found in the SAP AS NetWeaver JAVA component, where improper access control during application start-up could enable an attacker to gain unauthorized access to sensitive data.

In addition, several medium and low priority vulnerabilities were also addressed, including XSS vulnerabilities in SAP CRM WebClient UI and BusinessObjects Business Intelligence platform, as well as an information disclosure vulnerability in SAP GUI for Windows.

Customers who use these affected components are strongly advised to apply the necessary patches as soon as possible to protect their systems from potential attacks. It is also recommended to keep systems up to date with the latest security patches to minimize the risk of future vulnerabilities.

As a response, the SecurityBridge Team has taken immediate action by updating the cloud backbone with the latest security patches. If you are a SecurityBridge customer, it is highly recommended that you initiate the validation process to determine which patches are most relevant to your environment.

The team at SecurityBridge recognizes that the security of your environment is of utmost importance, and as such, the validation process has been streamlined to ensure maximum efficiency. We understand that each customer's environment is unique, and that is why our validation process is tailored to provide you with the necessary guidance to select the most relevant patches for your system.

In summary, we urge all SecurityBridge customers to begin the download and validation process as soon as possible to ensure the highest level of security for their environment.

Please visit https://securitybridge.com/sap-patchday/ to find an overview of all articles that we have created about recent SAP Security Patch Days. Furthermore, you can find the specific May 2023 article via this direct link: https://securitybridge.com/sap-patchday/sap-security-patch-day-may-2023/.


Updates from previous releases

3117978

[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

2622660

Security updates for the browser control Google Chromium delivered with SAP Business Client


SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH
