[Action required] SAP Security Patch Day - July 
Advisory

SAP Patches release on SAP Security Patch Day of July on 11th 2023

 

The SAP Security Patch Day in July 2023 encompassed patches for multiple SAP components. Today SAP Response Team has released several critical patches for vulnerabilities, including two notes with Hot News Priority, indicating the highest level of severity. It is imperative that immediate action is taken to address these vulnerabilities and protect your SAP systems.

One of the critical vulnerabilities is related to the browser control Google Chromium delivered with SAP Business Client (Note Number 2622660). This Note is continuously updated to reflect the vulnerability risk and requires urgent attention. The other SNote 3350297 with a with Hot News Priority addresses a specific vulnerability [CVE-2023-36922] titled OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL). Both of these vulnerabilities demand immediate remediation to ensure the security of your SAP environment. Further all customers should revisit the SAP WebDispatcher patch levels. With SNote 3233899, SAP has released a Version 6 of [CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher. Also caring a high priority SNote 3340735 titled [CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher should be implemented if applicable. 

To safeguard your systems, it is crucial to apply the necessary patches promptly. We strongly recommend prioritizing these ALL security patches to mitigate potential risks and protect against exploitation by malicious actors. Keeping your systems up to date with the latest security patches is vital in minimizing future vulnerabilities.

As a proactive measure, the SecurityBridge Team has taken swift action by updating the cloud backbone with the latest security patches. If you are a SecurityBridge customer, we highly encourage you to initiate the validation process using the Patch Management App to identify the most relevant patches for your specific environment.

At SecurityBridge, we prioritize the security of your environment and understand its significance. Our streamlined validation process aims to provide tailored guidance, recognizing the unique nature of each customer's environment. We are dedicated to assisting you in selecting the most appropriate patches that align with your system's specific requirements.

  • Share with:
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH

v34.1