Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

May 2024 SAP Security Patch Day

  1. Vulnerability: Multiple vulnerabilities in SAP CX Commerce
    1. SAP Component: CEC-SCC-PLA-PL
    2. CVE ID: CVE-2019-17495
    3. CVSS Score: 9.8
    4. CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    5. Category: Program error
    6. Priority: HotNews
    7. Released On: 14.05.2024
    8. First Released On: 14.05.2024

  2. Vulnerability: File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-SRV-KPR-CMS
    • CVE ID: CVE-2024-33006
    • CVSS Score: 9.6
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    • Category: Program error
    • Priority: HotNews
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  3. Vulnerability: Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
    • SAP Component: BI-BIP-INV
    • CVE ID: CVE-2024-28165
    • CVSS Score: 8.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
    • Category: Program error
    • Priority: Correction with high priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  4. Vulnerability: Information Disclosure in Enterprise Services Repository of SAP Process Integration
    • SAP Component: BC-XI-IBD-INF
    • CVE ID: (Not provided)
    • CVSS Score: 5.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 11.05.2021

  5. Vulnerability: Missing Authorization check in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    • SAP Component: FI-FIO-AR-PAY
    • CVE ID: Multiple CVEs
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  6. Vulnerability: SQL injection vulnerability in SAP Global Label Management (GLM)
    • SAP Component: EHS-SAF-GLM
    • CVE ID: CVE-2024-33009
    • CVSS Score: 4.2
    • CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  7. Vulnerability: Memory Corruption vulnerability in SAP Replication Server
    • SAP Component: BC-SYB-REP
    • CVE ID: CVE-2024-33008
    • CVSS Score: 4.9
    • CVSS Vector: CVSS:/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  8. Vulnerability: Potential information disclosure relating to PI Integration Directory
    • SAP Component: BC-XI-IBC
    • CVE ID: (Not provided)
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 07.12.2017

  9. Vulnerability: Missing Authorization check in SAP My Travel Requests
    • SAP Component: FI-TV-ODT-MTR
    • CVE ID: CVE-2024-32731
    • CVSS Score: 5.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  10. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-MID-AC
    • CVE ID: CVE-2024-32733
    • CVSS Score: 6.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  11. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
    • SAP Component: BC-SRV-GBT-GOS
    • CVE ID: CVE-2024-34687
    • CVSS Score: 6.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  12. Vulnerability: Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS)
    • SAP Component: BC-EIM-ESH
    • CVE ID: CVE-2024-33002
    • CVSS Score: 6.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  13. Vulnerability: Client-side script execution vulnerability in SAP UI5 (PDFViewer)
    • SAP Component: CA-UI5-SC
    • CVE ID: CVE-2024-33007
    • CVSS Score: 3.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
    • Category: Program error
    • Priority: Correction with low priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  14. Vulnerability: Missing Authorization check in SAP Bank Account Management
    • SAP Component: FIN-FSCM-CLM-BAM
    • CVE ID: CVE-2024-33000
    • CVSS Score: 3.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with low priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  15. Vulnerability: Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
    • SAP Component: BI-BIP-INV
    • CVE ID: CVE-2024-33004
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  16. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-XI-IBC
    • CVE ID: (Not provided)
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 07.12.2017

May 2024 SAP Security Patch Day Highlights:

  1. Total Number of Vulnerabilities: 16
  2. Distribution of Vulnerabilities by Priority:
    • HotNews: 2 vulnerabilities
    • Correction with high priority: 1 vulnerability
    • Correction with medium priority: 9 vulnerabilities
    • Correction with low priority: 3 vulnerabilities
    • Not specified: 1 vulnerability
  3. Distribution of Vulnerabilities by Category:
    • Program error: 16 vulnerabilities
  4. Distribution of Vulnerabilities by CVSS Score:
    • Score 9.8: 1 vulnerability
    • Score 9.6: 1 vulnerability
    • Score 8.1: 1 vulnerability
    • Score 6.5: 1 vulnerability
    • Score 6.1: 2 vulnerabilities
    • Score 5.5: 1 vulnerability
    • Score 5.3: 1 vulnerability
    • Score 4.9: 1 vulnerability
    • Score 4.3: 3 vulnerabilities
    • Score 4.2: 1 vulnerability
    • Score 3.5: 2 vulnerabilities
    • Score 3.5: 1 vulnerability
    • Score 3.5: 1 vulnerability
  5. Distribution of Vulnerabilities by SAP Component:
    • BC-SRV-KPR-CMS: 1 vulnerability
    • BC-EIM-ESH: 1 vulnerability
    • BI-BIP-INV: 2 vulnerabilities
    • CA-UI5-SC: 1 vulnerability
    • CEC-SCC-PLA-PL: 1 vulnerability
    • EHS-SAF-GLM: 1 vulnerability
    • BC-SYB-REP: 1 vulnerability
    • BC-XI-IBD-INF: 1 vulnerability
    • BC-XI-IBC: 2 vulnerabilities
    • FIN-FSCM-CLM-BAM: 1 vulnerability
    • FI-FIO-AR-PAY: 1 vulnerability
    • BC-MID-AC: 1 vulnerability
    • BC-SRV-GBT-GOS: 1 vulnerability
    • FI-TV-ODT-MTR: 1 vulnerability

Udemy SAP Security Course.

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. This course will help you master SAP security fundamentals, from securing SAP environments to managing user access and addressing vulnerabilities. It is ideal for IT professionals and SAP administrators, providing practical skills to safeguard critical business assets. Whether you’re a beginner or an expert looking to deepen your SAP security knowledge, this course is perfect for you.

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN