SAP Security Notes - 08/24 - SecurityBridge Cloud

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 11 and the highest CVSS score is 9.1.

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

_{Related note}
3477196

_CVSS
9.1

_{Affected system
type}
SAP Build Apps

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-29415] Server-Side Request Forgery vulnerability in applications built with SAP Build Apps

Security Advisory

_{Related note}
3485284

_CVSS
8.2

_{Affected system
type}
Java

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-42374] XML injection in SAP BEx Web Java Runtime Export Web Service

Security Advisory

_{Related note}
3423268

_CVSS
7.8

_{Affected system
type}
SAP Fiori

_Patchday
2024-08

_{Released
on}
2024/07/23

Description
[CVE-2023-30533] Prototype Pollution in SAP S/4 HANA (Manage Supply Protection)

Security Advisory

_{Related note}
3474590

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-42376] Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

Security Advisory

_{Related note}
3438085

_CVSS
6.3

_{Affected system
type}
Kernel / Web Dispatcher

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-33005] Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server.

Security Advisory

_{Related note}
3483256

_CVSS
5.4

_{Affected system
type}
SAP Commerce

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-41735] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice

Security Advisory

_{Related note}
3471450

_CVSS
5.3

_{Affected system
type}
SAP Commerce

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-41733] Information Disclosure Vulnerability in SAP Commerce

Security Advisory

_{Related note}
3487537

_CVSS
5.0

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-41737] Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

Security Advisory

_{Related note}
3468102

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-41732] Improper Access Control in SAP Netweaver Application Server ABAP

Security Advisory

_{Related note}
3477423

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-39591] Missing Authorization check in SAP Document Builder

Security Advisory

_{Related note}
3494349

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

Description
[CVE-2024-41734] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

Notifications

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

Related note 3477196

CVSS 9.1

Affected system type SAP Build Apps

Patchday2024-08

Released on2024/08/13

Related note 3485284

CVSS 8.2

Affected system type Java

Patchday2024-08

Released on2024/08/13

Related note 3423268

CVSS 7.8

Affected system type SAP Fiori

Patchday2024-08

Released on2024/07/23

Related note 3474590

CVSS 6.5

Affected system type ABAP

Patchday2024-08

Released on2024/08/13

Related note 3438085

CVSS 6.3

Affected system type Kernel / Web Dispatcher

Patchday2024-08

Released on2024/08/13

Related note 3483256

CVSS 5.4

Affected system type SAP Commerce

Patchday2024-08

Released on2024/08/13

Related note 3471450

CVSS 5.3

Affected system type SAP Commerce

Patchday2024-08

Released on2024/08/13

Related note 3487537

CVSS 5.0

Affected system type ABAP

Patchday2024-08

Released on2024/08/13

Related note 3468102

CVSS 4.7

Affected system type ABAP

Patchday2024-08

Released on2024/08/13

Related note 3477423

CVSS 4.3

Affected system type ABAP

Patchday2024-08

Released on2024/08/13

Related note 3494349

CVSS 4.3

Affected system type ABAP

Patchday2024-08

Released on2024/08/13

_{Related note}
3477196

_CVSS
9.1

_{Affected system
type}
SAP Build Apps

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3485284

_CVSS
8.2

_{Affected system
type}
Java

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3423268

_CVSS
7.8

_{Affected system
type}
SAP Fiori

_Patchday
2024-08

_{Released
on}
2024/07/23

_{Related note}
3474590

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3438085

_CVSS
6.3

_{Affected system
type}
Kernel / Web Dispatcher

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3483256

_CVSS
5.4

_{Affected system
type}
SAP Commerce

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3471450

_CVSS
5.3

_{Affected system
type}
SAP Commerce

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3487537

_CVSS
5.0

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3468102

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3477423

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13

_{Related note}
3494349

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2024-08

_{Released
on}
2024/08/13