We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories give SAP users insight into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

We have found 21 security advisories for you to review.

 

3285757
CVSS 8.8
Affected system type SAP Host Agent
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

3263135
CVSS 8.5
Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

3256787
CVSS 8.4
Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

3265846
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

3281724
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

3290901
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

3270509
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

2985905
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

3267442
CVSS 6.5
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

3271227
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

3268959
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

3269151
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

3269118
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

3274585
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

3293786
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

3266751
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

3282663
CVSS 6.1
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

3275841
CVSS 5.4
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

3263863
CVSS 4.3
Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

2788178
CVSS 4.3
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

3287291
CVSS 3.8
Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform