We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 18 and the highest CVSS score is 9.9.

 

[Charts: Severity (SAP© Security advisories: 18); System Types (Affected SAP© system types)]

 

3245526
CVSS 9.9
Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

3252433
CVSS 9.9
Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

3294595
CVSS 9.6
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

3283438
CVSS 9.0
Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

3296476
CVSS 8.8
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

3294954
CVSS 8.7
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

3296346
CVSS 7.4
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

3275727
CVSS 7.2
Affected system type SAP Host Agent
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

3284550
CVSS 6.8
Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

3289844
CVSS 6.8
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

3296328
CVSS 6.5
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

3287120
CVSS 6.5
Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

3281484
CVSS 6.1
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

3302710
CVSS 6.1
Affected system type SAP Authenticator for Android
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

3274920
CVSS 6.1
Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

3288096
CVSS 5.3
Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

3288394
CVSS 5.3
Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

3288480
CVSS 5.3
Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)