We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 19 and the highest CVSS score is 9.8.

 

[Charts: Severity (SAP© Security advisories: 19); System Types (Affected SAP© system types)]

 

| Advisory | CVSS | Affected system type | Patchday | Released on | Description |
|---|---|---|---|---|---|
| 3341460 | 9.8 | SAP PowerDesigner | 2023-08 | 2023/08/08 | [CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner |
| 3350297 | 9.1 | ABAP | 2023-08 | 2023/07/11 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) |
| 3346500 | 8.8 | SAP Commerce Cloud | 2023-08 | 2023/08/08 | [CVE-2023-39439] Improper authentication in SAP Commerce Cloud |
| 3341599 | 7.8 | SAP PowerDesigner | 2023-08 | 2023/08/08 | [CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner |
| 3317710 | 7.6 | BI/BO platform | 2023-08 | 2023/08/08 | [CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer) |
| 3358300 | 7.6 | SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One |
| 3344295 | 7.5 | Kernel | 2023-08 | 2023/08/08 | [CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server |
| 3312047 | 7.5 | BI/BO platform | 2023-08 | 2023/08/08 | Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC) |
| 3337797 | 7.1 | SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer) |
| 2032723 | 6.3 | ABAP | 2023-08 | 2014/11/11 | Switchable authorization checks for RFC in SRM |
| 3149794 | 6.1 | SAP UI5 | 2023-08 | 2023/08/08 | Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5 |
| 3156972 | 6.1 | ABAP | 2023-08 | 2023/08/08 | [CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) |
| 3350494 | 6.1 | Java | 2023-08 | 2023/08/08 | [CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration |
| 3341934 | 5.9 | SAP Commerce Cloud | 2023-08 | 2023/08/08 | [CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API) |
| 2067220 | 5.8 | ABAP | 2023-08 | 2023/08/08 | [CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management |
| 3333616 | 5.3 | SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer) |
| 3348000 | 4.9 | ABAP | 2023-08 | 2023/08/08 | [CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform |
| 3312586 | 4.4 | BI/BO platform | 2023-08 | 2023/08/08 | [CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| 3358328 | 3.7 | SAP Host Agent | 2023-08 | 2023/08/08 | [CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent |