SAP Security Update: 16 Flaws in Multiple SAP Products Addressed
- С сайта: Vulnerability cybersecuritynews.com
- Вернуться к списку новостей
С сайта: Vulnerability cybersecuritynews.com
SAP has released patches for 16 vulnerabilities with Critical, High, Medium, and Low severities. The CVSS scores for these vulnerabilities are between 3.7 (Low) to 9.8 (Critical) which contributes to 1 Critical, 6 High, 7 Medium, and 1 Low severity vulnerability. One of the vulnerability CVSS scores is yet to be confirmed.
SAP released these patches every month on their patch day. 14 Vulnerabilities were patched as mentioned in their last patch in July. Most of the vulnerabilities this month are related to products like;
This is an improper access control vulnerability that allows an unauthenticated attacker to execute arbitrary queries against the back-end database via proxy. The CVSS score for this vulnerability is given as 9.8 ( Critical ).
High Severity Vulnerabilities SAP PowerDesigner (BC-SYB-PD) – CVE-2023-36923
This vulnerability allows an attacker with local access to place a malicious library that can be executed by the application which results in the attacker controlling the behavior of the application. The CVSS score for this vulnerability is given as 7.8 ( High )
SAP Business One (SBO-CRO-SEC) – CVE-2023-39437
This is a Cross-Site scripting (XSS) vulnerability that allows an attacker to inject malicious code on the web page or the application and deliver it to the client. This affects the Confidentiality, Integrity, and Availability of the application. The CVSS score for this vulnerability is given as 7.6 ( High ).
SAP Busi
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
SAP Security Update: 16 Flaws in Multiple SAP Products Addressed
Author: EswarSAP has released patches for 16 vulnerabilities with Critical, High, Medium, and Low severities. The CVSS scores for these vulnerabilities are between 3.7 (Low) to 9.8 (Critical) which contributes to 1 Critical, 6 High, 7 Medium, and 1 Low severity vulnerability. One of the vulnerability CVSS scores is yet to be confirmed.
SAP released these patches every month on their patch day. 14 Vulnerabilities were patched as mentioned in their last patch in July. Most of the vulnerabilities this month are related to products like;
- SAP PowerDesigner
- SAP Business One
- SAP BusinessObjects Business Intelligence Suite
- SAP BusinessObjects Business Intelligence Platform
- SAP Message Server
- SAP NetWeaver Process Integration
- SAPUI5
- SAP Commerce
- SAP Supplier Relationship Management
- SAP NetWeaver AS ABAP and ABAP Platform
- SAP Host Agent
- SAP Commerce Cloud
This is an improper access control vulnerability that allows an unauthenticated attacker to execute arbitrary queries against the back-end database via proxy. The CVSS score for this vulnerability is given as 9.8 ( Critical ).
High Severity Vulnerabilities SAP PowerDesigner (BC-SYB-PD) – CVE-2023-36923
This vulnerability allows an attacker with local access to place a malicious library that can be executed by the application which results in the attacker controlling the behavior of the application. The CVSS score for this vulnerability is given as 7.8 ( High )
SAP Business One (SBO-CRO-SEC) – CVE-2023-39437
This is a Cross-Site scripting (XSS) vulnerability that allows an attacker to inject malicious code on the web page or the application and deliver it to the client. This affects the Confidentiality, Integrity, and Availability of the application. The CVSS score for this vulnerability is given as 7.6 ( High ).
SAP Busi
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
