SAP Security Notes November 2024: Critical Vulnerabilities and Patches
SAP’s November 2024 Security Notes address several high-priority vulnerabilities. The most critical is a Cross-Site Scripting (XSS) flaw in the SAP Web Dispatcher that allows for full compromise. Other key patches fix privilege escalation issues in SAP PDCE and SAP Host Agent, and authorization problems in NetWeaver AS Java. This advisory summarizes the key vulnerabilities […]
SAP Security Notes October 2024: Analysis of Critical BOBJ and High-Risk Patches
The October 2024 SAP Security Notes feature a critical update for a missing authentication check in SAP BusinessObjects (BOBJ) that can compromise SSO tickets. Other high-risk notes address a file upload vulnerability in BOBJ, open-source library issues in SAP Enterprise Project Connection, and information disclosure in NetWeaver. SAP’s October 2024 security update is led by […]
SAP Security Notes September 2024: Key Vulnerabilities & Patches
SAP’s September 2024 security update addresses several key vulnerabilities, including a high-priority information disclosure flaw in SAP Commerce Cloud that could expose Personally Identifiable Information (PII). The patches also fix multiple Cross-Site Scripting (XSS) and authorization vulnerabilities across SAP NetWeaver, CRM, and Enterprise Portal, requiring immediate attention from administrators. This advisory summarizes the most significant […]
SAP Security Notes August 2024: Critical Flaws in Build Apps and BOBJ
SAP’s August 2024 security advisories address several critical vulnerabilities, including a Server-Side Request Forgery (SSRF) in SAP Build Apps and a missing authentication check in SAP BusinessObjects Business Intelligence Platform (BOBJ). These high-priority patches require immediate attention to prevent potential system compromise and data leakage. The August 2024 SAP Patch Day released fixes for multiple […]
SAP Security Notes July 2024: Key Vulnerabilities & Patches
SAP’s July 2024 security notes address several critical vulnerabilities, led by a high-risk missing authentication check in SAP S/4HANA. Also included are patches for a password misuse flaw in SAP Commerce, an information disclosure bug in SAP NetWeaver, and multiple cross-site scripting vulnerabilities. Executive Summary The July 2024 SAP Security Patch Day features several important […]
SAP Security Notes June 2024: High-Priority Fixes for AS Java and S/4HANA
SAP’s June 2024 Patch Day addresses several key vulnerabilities, including a high-priority denial of service issue in NetWeaver AS Java and privilege escalation flaws in S/4HANA and BW/4HANA. Organizations should prioritize applying these patches to mitigate risks of system downtime, data exposure, and unauthorized access. This summary covers the most significant security notes released on […]
SAP Security Notes May 2024: Analysis of Critical Patches
SAP’s May 2024 security update addresses several critical and high-risk vulnerabilities, led by a “Hot news” note for a file upload flaw in SAP NetWeaver. Other significant patches include fixes for remote code execution in SAP CX Commerce and multiple cross-site scripting (XSS) vulnerabilities in BusinessObjects and NetWeaver ABAP. The May 2024 SAP Security Notes […]
SAP Security Notes April 2024: Key Vulnerabilities and Patches
SAP’s April 2024 Security Patch Day addressed 10 new security notes, including three high-priority vulnerabilities. The most critical note, 3434839, tackles a security misconfiguration in SAP NetWeaver AS Java that could allow for weak passwords. Other significant patches address an information disclosure flaw in SAP BusinessObjects and a directory traversal vulnerability in SAP Asset Accounting. […]
SAP Security Notes March 2024: AEO Optimized Summary
SAP’s March 2024 security updates addressed several critical and high-priority vulnerabilities requiring attention from administrators. The patches included two “Hot News” notes for code injection flaws in SAP Build Apps and SAP NetWeaver AS Java, alongside high-priority fixes for path traversal in BusinessObjects, Denial-of-Service in HANA XS, and an authentication flaw in SAP Commerce Cloud. […]
SAP Security Advisory: Summary of Critical Notes for February 2024
SAP’s February 2024 Security Patch Day addressed several critical and high-priority vulnerabilities across its product landscape, including a Hot News note for a code injection flaw. Key patches were released for SAP Application Basis (ABA), NetWeaver Application Server (AS) Java, SAP Cloud Connector, and SAP CRM. Administrators should prioritize the immediate application of these security […]