Read our latest SAP security bulletins to patch vulnerabilities in your SAP systems and stay ahead of emerging threats.
Our Threat Intelligence team provides continuous monitoring and expert analysis of the latest SAP Security Notes and vulnerabilities. This repository serves as a critical resource for SAP Basis and Security teams to identify, prioritize, and remediate flaws in S/4HANA, ECC, and other SAP solutions. By delivering structured advisories on security notes and high-priority patches, we help organizations reduce their mean-time-to-remediation (MTTR) and protect mission-critical SAP solutions from exploitation.
Hot news note 3350297 for a critical OS command injection vulnerability in SAP ECC and S/4HANA was re-released with instructions for confirming the prerequisites for the note. The IS-OIL component must be enabled in order for the note to be applicable. The note includes instructions for checking whether the component and supporting switches are enabled
Notes 3324285 and 3326210 patch high priority vulnerabilities in SAP UI5. The former applies input validation to block the storage and reading of malicious scripts that could lead to cross-site scripting. The latter introduces additional restrictions to prevent the injection of untrusted CSS that can be exploited to perform clickjacking exploits. Note 3326210 includes a
Hot news note 3307833 patches a critical information disclosure vulnerability in SAP BusinessObjects Business Intelligence (BOBJ) platform. The vulnerability can be exploited by authenticated threat actors with administrator privileges to compromise the login token of any logged-in BI user or server over the network. The login ticket can be used to access the platform with
Hot news note 3305369 patches missing authentication check and code injection vulnerabilities in the SAP Diagnostics Agent. The note removes the EventLogServiceCollector and OSCommand Bridge components from the Agent to address the vulnerability. The patch does not effect metric data collection for data collectors that use the Agent. However, it will disable metric testing. Hot
Hot news note 3273480 was updated in March for SP026 of NetWeaver Application Server Java (AS Java) 7.50. The note deals with a critical SQL injection vulnerability that can be exploited by unauthenticated attackers that attach to an open interface exposed through JNDI by User Defined Search (UDS) of AS Java. The fix included in
Hot news note 3273480 was updated in February for a critical vulnerability that could enable attackers to compromise installations of NetWeaver Application Server Java (AS Java) via an open JNDI interface exposed through User Defined Search (UDS). The updates include corrections for side effects caused by the original fix for the vulnerability that implemented authorization
Hot news note 3089413 patches a critical capture-replay vulnerability that can lead to authentication bypass in SAP NetWeaver Application Server ABAP (AS ABAP). The vulnerability is caused by the failure to use unique hashes for system identification. Note 3089413 includes corrections for the SAP kernel and the SAP Basis component. The corrections must be applied
Hot news notes 3267780 and 3273480 patch critical broken authentication vulnerabilities in SAP NetWeaver Application Server Java (AS Java). Threat actors can exploit the vulnerabilities to attach to an open interface exposed through JNDI by the Messaging System and User Defined Search (UDS) of SAP NetWeaver AS Java. Once attached, they can make use of
Hot news note 3243924 for CVE-2022-41203 patches a critical vulnerability related to insecure deserialization of untrusted data in the Central Management Console (CMC) and BI Launchpad of SAP BusinessObjects Business Intelligence Platform (BOBJ). The vulnerability impacts versions 4.2 and 4.3 of BOBJ and can be exploited by threat actors to bypass authentication, inject malicious code,
Hot news note 3239152 patches a critical URL redirection vulnerability in SAP Commerce Cloud. The vulnerability can be exploited to manipulate URLs and redirect users to logon pages controlled by threat actors. User submissions served by attacker-controlled servers can be used to steal logon credentials and hijack accounts. Note 3239152 includes a fix for specific
Note 3237075 patches a high priority vulnerability in SAP GRC Access Control that could be exploited by attackers to access Firefighter sessions even after they are closed in the Firefighter Logon Pad. Firefighter IDs are dedicated user identities with elevated privileges that are activated when required and controlled through Emergency Access Management (EAM) in SAP
Note 3102769 was rereleased in August with updated solution information. The workaround detailed in the original note has been moved to the new note 3221696. The workaround provides steps for deactivating the SAP IKS component to address a high priority cross-site scripting (XSS) vulnerability in SAP Knowledge Warehouse. Note 3150454 was also updated to enforce