SAP Security Note 3140564

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 5 security advices for you to review.

Severity

SAP© Security advisories 5

System Types

Affected SAP© system types

_{Related note}
2927164

_CVSS
7.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management

Security Advisory

_{Related note}
3581811

_CVSS
7.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-27428] Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

Security Advisory

_{Related note}
3590984

_CVSS
8.1

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud

Security Advisory

_{Related note}
3554667

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3525794

_CVSS
8.8

_{Affected system
type}
BI/BO platform

_Patchday
2025-04

_{Released
on}
2025/02/11

Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

Security Advisory

Notifications

Severity

SAP© Security advisories 5

System Types

Affected SAP© system types

Related note 2927164

CVSS 7.7

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3581811

CVSS 7.7

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3590984

CVSS 8.1

Affected system type SAP Commerce Cloud

Patchday2025-04

Released on2025/04/08

Related note 3554667

CVSS 8.5

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3525794

CVSS 8.8

Affected system type BI/BO platform

Patchday2025-04

Released on2025/02/11

_{Related note}
2927164

_CVSS
7.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3581811

_CVSS
7.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3590984

_CVSS
8.1

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3554667

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3525794

_CVSS
8.8

_{Affected system
type}
BI/BO platform

_Patchday
2025-04

_{Released
on}
2025/02/11