We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 11, and the highest CVSS score is 9.1.

 

Charts: SAP© security advisories by severity (11); affected SAP© system types.

 

3477196
CVSS
9.1

Affected system type SAP Build Apps
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps
3485284
CVSS
8.2

Affected system type Java
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service
3423268
CVSS
7.8

Affected system type SAP Fiori
Patchday 2024-08
Released on 2024/07/23
Description [CVE-2023-30533] Prototype Pollution in SAP S/4 HANA (Manage Supply Protection)
3474590
CVSS
6.5

Affected system type ABAP
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
3438085
CVSS
6.3

Affected system type Kernel / Web Dispatcher
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java), SAP Web Dispatcher and SAP Content Server
3483256
CVSS
5.4

Affected system type SAP Commerce
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
3471450
CVSS
5.3

Affected system type SAP Commerce
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce
3487537
CVSS
5.0

Affected system type ABAP
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)
3468102
CVSS
4.7

Affected system type ABAP
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-41732] Improper Access Control in SAP NetWeaver Application Server ABAP
3477423
CVSS
4.3

Affected system type ABAP
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-39591] Missing Authorization check in SAP Document Builder
3494349
CVSS
4.3

Affected system type ABAP
Patchday 2024-08
Released on 2024/08/13
Description [CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform