SAP Security Advisory: Summary of Critical Notes for February 2024

SAP’s February 2024 Security Patch Day addressed several critical and high-priority vulnerabilities across its product landscape, including a Hot News note for a code injection flaw. Key patches were released for SAP Application Basis (ABA), NetWeaver Application Server (AS) Java, SAP Cloud Connector, and SAP CRM. Administrators should prioritize the immediate application of these security […]

SAP Security Notes January 2024: Critical Vulnerabilities and Patches

The SAP Security Notes for January 2024 addressed several critical vulnerabilities, including two “Hot News” privilege escalation flaws in SAP Business Application Studio and Edge Integration Cell. A high-priority Denial of Service vulnerability in SAP NetWeaver’s ICM and a code injection flaw in the Application Interface Framework were also patched. This summary covers the key […]

SAP Security Advisory: Critical Patches for December 2023

SAP’s December 2023 security update includes critical patches for an OS command injection vulnerability in SAP S/4HANA and ECC, and high-risk vulnerabilities in the SAP Business Technology Platform (BTP). Organizations should prioritize the review and application of these notes to mitigate significant security risks. This advisory summarizes the key vulnerabilities and the required actions for […]

SAP Security Notes November 2023: Critical Business One Flaw and NetWeaver Patches

The SAP Security Notes for November 2023 featured a critical “Hot News” patch for a missing authentication vulnerability in SAP Business One, which registered a 9.6 CVSS score. Other key updates addressed a Cross-Site Request Forgery (CSRF) vulnerability in SAP Sybase and two separate information disclosure issues in SAP NetWeaver ABAP and Java servers. This […]

SAP Security Notes: October 2023 Critical Updates

October 2023 SAP security updates addressed several critical and high-priority vulnerabilities, most notably a privilege escalation flaw in the SAP Common Cryptographic Library. Administrators are advised to update their systems, specifically applying Note 3340576, to secure impacted products including SAP NetWeaver, S/4HANA, and the SAP HANA Database. The October 2023 SAP security patch cycle targeted […]

SAP Security Notes: September 2023 Vulnerability Summary

The September 2023 SAP Security Notes address critical and high-priority vulnerabilities affecting the SAP BusinessObjects Intelligence Platform (BOBJ) and the SAP Common Crypto Library. These patches remediate risks including code injection, information disclosure, cross-site scripting (XSS), and denial of service (DoS) attacks that could compromise system integrity. Executive Summary In September 2023, SAP released critical […]

SAP Security Notes: August 2023 Vulnerability Summary

The August 2023 SAP security updates address multiple critical vulnerabilities, most notably in SAP PowerDesigner, which faces a 9.8/10 CVSS-rated access control flaw. Other patches resolve issues in SAP Message Server, SAP BusinessObjects Business Intelligence (BOBJ), SAP SQL Anywhere, and SAP Commerce Cloud, requiring immediate attention to prevent unauthorized access and system compromise. Executive Summary […]

SAP Security Notes: July 2023 Vulnerability Summary

The July 2023 SAP security updates address critical vulnerabilities, including OS command injection in SAP ECC and S/4HANA (note 3350297), buffer overflow and HTTP request smuggling in SAP Web Dispatcher (notes 3340735 and 3233899), and blind SSRF and header injection in the Diagnostics Agent (notes 3352058 and 3348145). The July 2023 SAP security advisories focus […]

SAP Security Notes: June 2023 Vulnerability Summary

The June 2023 SAP security updates addressed high-priority vulnerabilities across multiple platforms, including SAP UI5, SAP Knowledge Warehouse, and various NetWeaver-based applications. These patches primarily target cross-site scripting (XSS) and clickjacking risks, providing necessary input validation and configuration restrictions to protect SAP environments from malicious exploitation. Executive Summary The June 2023 SAP security update cycle […]

SAP Security Notes: May 2023 Patch Summary

In May 2023, SAP released critical security updates addressing vulnerabilities across several platforms, most notably SAP BusinessObjects (BOBJ) and the SAP 3D Visual Enterprise License Manager. These updates include patches for information disclosure, code injection, broken authentication, and session hijacking risks that require immediate attention from security administrators. Executive Summary The May 2023 SAP security […]