We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 12 and the highest
CVSS
score is 9.1.
Severity
SAP© Security advisories 12
System Types
Affected SAP© system types
3420923
CVSS
9.1
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis)
3426111
CVSS
8.6
Affected system type
Java
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-24743] XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
3410875
CVSS
7.6
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-22130] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
3424610
CVSS
7.4
Affected system type
SAP Cloud Connector
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-25642] Improper Certificate Validation in SAP Cloud Connector
3421659
CVSS
7.4
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-22132] Code Injection vulnerability in SAP IDES Systems
2637727
CVSS
6.3
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-24739] Missing authorization check in SAP Bank Account Management
3404025
CVSS
5.4
Affected system type
SAP Enable Now
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion
3360827
CVSS
5.3
Affected system type
Kernel
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)
3396109
CVSS
4.7
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML
3237638
CVSS
4.3
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-25643] Missing authorization check in SAP Fiori app ("My Overtime Requests")
2897391
CVSS
4.3
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/01
Description
[CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material
3158455
CVSS
4.1
Affected system type
ABAP
Patchday
2024-02
Released on
2024/02/13
Description
[CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)