We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories give SAP users valuable insight into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

We have found 14 security advisories for you to review.


3490515
CVSS: 7.2
Affected system type: SAP Commerce
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce

3466801
CVSS: 6.9
Affected system type: SAP Landscape...
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management

3482217
CVSS: 6.1
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation

3468681
CVSS: 6.1
Affected system type: Java
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor

3467377
CVSS: 6.1
Affected system type: SAP CRM UI
Patchday: 2024-07
Released on: 2024/07/09
Description: [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)

3457354
CVSS: 5.4
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

3483993
CVSS: 5.0
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-34689] Prerequisite for Security Note 3458789

3458789
CVSS: 5.0
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)

3461110
CVSS: 5.0
Affected system type: SAP GUI / Frontend
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows

3485805
CVSS: 5.0
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-34689] Allowlisting of callback-URLs in SAP Business Workflow (WebFlow Services)

3469958
CVSS: 5.0
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)

3456952
CVSS: 4.7
Affected system type: ABAP
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform

3476348
CVSS: 4.3
Affected system type: SAP Enable Now
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now

3476340
CVSS: 3.3
Affected system type: SAP Enable Now
Patchday: 2024-07
Released on: 2024/07/09
Description: [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now