We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 20 and the highest CVSS score is 9.8.

 

[Charts: SAP© Security advisories by severity (20); affected SAP© system types]

 

3328495
CVSS 9.8
Affected system type Reprise License Manager
Patchday 2023-05
Released on 2023/05/09
Description Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

3307833
CVSS 9.1
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

3317453
CVSS 8.2
Affected system type Java
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

3323415
CVSS 8.2
Affected system type SAP Integrated...
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

3301942
CVSS 7.9
Affected system type SAP Plant Connectivity
Patchday 2023-05
Released on 2023/05/23
Description [CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

3320467
CVSS 7.5
Affected system type SAP GUI / Frontend
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

3321309
CVSS 7.5
Affected system type SAP Commerce
Patchday 2023-05
Released on 2023/05/09
Description Information Disclosure vulnerability in SAP Commerce (Backoffice)

3300624
CVSS 7.5
Affected system type SAP PowerDesigner
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

3320145
CVSS 7.5
Affected system type SAP Commerce
Patchday 2023-05
Released on 2023/05/09
Description Denial of service (DOS) in SAP Commerce

3326210
CVSS 7.1
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30743] Improper Neutralization of Input in SAPUI5

3313484
CVSS 6.3
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

3319400
CVSS 6.1
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

3315971
CVSS 6.1
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

3309935
CVSS 6.1
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

3315979
CVSS 5.4
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

3312892
CVSS 5.4
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

3038911
CVSS 5.0
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

1794761
CVSS 4.2
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/23
Description [CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

3302595
CVSS 3.7
Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

2335198
CVSS 2.8
Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy