Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

SAP Security Patch Day – February 2023

SAP Security Patch Day is a monthly event during which SAP releases security updates for their software products. These updates address potential vulnerabilities and security issues in SAP systems, and help ensure the safe and secure operation of the software.

SAP released the following security notes. There are 4 High, 17 Medium, 1 Low, and 1 HotNews Update of Google Chrome. 

SAPNOTETitleCVSS ScorePriority
2622660Security updates for the browser control Google Chromium delivered with SAP Business Client10,0HotNews
3271091[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation8,5High priority
3256787[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)8,4High priority
3287291[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform3,8Low priority
3285757[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)8,8High priority
2788178[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI4,3Medium priority
2985905[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data6,5Medium priority
3275841[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation5,4Medium priority
3293786[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform6,1Medium priority
3281724[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)6,5Medium priority
3290901[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)6,5Medium priority
3282663[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)6,1Medium priority
3274585[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)6,1Medium priority
3269118[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)6,1Medium priority
3269151[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)6,1Medium priority
3271227[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform6,1Medium priority
3268959[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform6,1Medium priority
3266751[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.26,1Medium priority
3265846[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)6,5Medium priority
3267442[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)6,5Medium priority
3270509[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager6,5Medium priority
3263135[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform8,5High priority
3263863[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface4,3Medium priority

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Protect Your SAP with RedRays Security Platform

Explore the Power of Our Scanner with an Interactive Prototype Below