SAP is a leading enterprise software suite that integrates various business functions like:-
Finance
Human resources
Supply chain management
This renowned enterprise software suite helps organizations to:-
Streamline processes
Enhance efficiency
Make data-driven decisions
Recently, on a security note, the German multinational software company SAP released a security patch for vulnerabilities like privilege escalation flaws discovered in SAP products.
Document
Free Webinar
Fastrack Compliance: The Path to ZERO-Vulnerability
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
SAP Security Patch
To protect the SAP landscape, SAP urged customers to visit the SAP Support Portal immediately and apply the newly released security patches.
Ensure SAP software security through regular SAP Security Patch Days every second Tuesday synchronized with major vendors.
Here below, we have mentioned all the security researchers who have contributed to security patches this month:-
Ahmed Hamza
Amin ACHOUR
Dzianis Skliar
Fabian Lupa
Ignacio Oliva
Yvan Genuer
Joris van de Vis
Barhaam
Wouter van der Houven
Here below, we have mentioned all the companies that have contributed to security patches this month:-
Onapsis Research Labs
SecurityBridge
TTG Cyber
Delivering reliable products and cloud services is SAP’s utmost commitment and priority. For data integrity and secure functioning, secure setup is a crucial element.
Vulnerabilities that are fixed in this patch:-
CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack, and SAP Web IDE for SAP HANA
CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
CVE-2023-50423 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
CVE-2023-50424 (CVSS 9.1): Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
CVE-2024-21737 (CVSS 8.4): Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
CVE-2023-44487 (CVSS 7.5): Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform
CVE-2024-22125 (CVSS 7.4): Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
CVE-2024-21735 (CVSS 7.3): Improper Authorization check in SAP LT Replication Server
CVE-2024-21736 (CVSS 6.4): Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
CVE-2023-31405 (CVSS 5.3): Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
CVE-2024-21738 (CVSS 4.1): Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
CVE-2024-22124 (CVSS 4.1): Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
CVE-2024-21734 (CVSS 3.7): URL Redirection vulnerability in SAP Marketing (Contacts App)
Try Kelltron’s cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems
The post SAP Security Patch Addresses Privilege Escalation Flaw appeared first on Cyber Security News.
Cyber Security News
