Skip links

May 2024 SAP Security Patch Day

  1. Vulnerability: Multiple vulnerabilities in SAP CX Commerce
    1. SAP Component: CEC-SCC-PLA-PL
    2. CVE ID: CVE-2019-17495
    3. CVSS Score: 9.8
    4. CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    5. Category: Program error
    6. Priority: HotNews
    7. Released On: 14.05.2024
    8. First Released On: 14.05.2024

  2. Vulnerability: File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-SRV-KPR-CMS
    • CVE ID: CVE-2024-33006
    • CVSS Score: 9.6
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    • Category: Program error
    • Priority: HotNews
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  3. Vulnerability: Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
    • SAP Component: BI-BIP-INV
    • CVE ID: CVE-2024-28165
    • CVSS Score: 8.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
    • Category: Program error
    • Priority: Correction with high priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  4. Vulnerability: Information Disclosure in Enterprise Services Repository of SAP Process Integration
    • SAP Component: BC-XI-IBD-INF
    • CVE ID: (Not provided)
    • CVSS Score: 5.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 11.05.2021

  5. Vulnerability: Missing Authorization check in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    • SAP Component: FI-FIO-AR-PAY
    • CVE ID: Multiple CVEs
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  6. Vulnerability: SQL injection vulnerability in SAP Global Label Management (GLM)
    • SAP Component: EHS-SAF-GLM
    • CVE ID: CVE-2024-33009
    • CVSS Score: 4.2
    • CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  7. Vulnerability: Memory Corruption vulnerability in SAP Replication Server
    • SAP Component: BC-SYB-REP
    • CVE ID: CVE-2024-33008
    • CVSS Score: 4.9
    • CVSS Vector: CVSS:/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  8. Vulnerability: Potential information disclosure relating to PI Integration Directory
    • SAP Component: BC-XI-IBC
    • CVE ID: (Not provided)
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 07.12.2017

  9. Vulnerability: Missing Authorization check in SAP My Travel Requests
    • SAP Component: FI-TV-ODT-MTR
    • CVE ID: CVE-2024-32731
    • CVSS Score: 5.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  10. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-MID-AC
    • CVE ID: CVE-2024-32733
    • CVSS Score: 6.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  11. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
    • SAP Component: BC-SRV-GBT-GOS
    • CVE ID: CVE-2024-34687
    • CVSS Score: 6.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  12. Vulnerability: Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS)
    • SAP Component: BC-EIM-ESH
    • CVE ID: CVE-2024-33002
    • CVSS Score: 6.1
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  13. Vulnerability: Client-side script execution vulnerability in SAP UI5 (PDFViewer)
    • SAP Component: CA-UI5-SC
    • CVE ID: CVE-2024-33007
    • CVSS Score: 3.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
    • Category: Program error
    • Priority: Correction with low priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  14. Vulnerability: Missing Authorization check in SAP Bank Account Management
    • SAP Component: FIN-FSCM-CLM-BAM
    • CVE ID: CVE-2024-33000
    • CVSS Score: 3.5
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with low priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  15. Vulnerability: Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
    • SAP Component: BI-BIP-INV
    • CVE ID: CVE-2024-33004
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 14.05.2024

  16. Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
    • SAP Component: BC-XI-IBC
    • CVE ID: (Not provided)
    • CVSS Score: 4.3
    • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • Category: Program error
    • Priority: Correction with medium priority
    • Released On: 14.05.2024
    • First Released On: 07.12.2017

May 2024 SAP Security Patch Day Highlights:

  1. Total Number of Vulnerabilities: 16
  2. Distribution of Vulnerabilities by Priority:
    • HotNews: 2 vulnerabilities
    • Correction with high priority: 1 vulnerability
    • Correction with medium priority: 9 vulnerabilities
    • Correction with low priority: 3 vulnerabilities
    • Not specified: 1 vulnerability
  3. Distribution of Vulnerabilities by Category:
    • Program error: 16 vulnerabilities
  4. Distribution of Vulnerabilities by CVSS Score:
    • Score 9.8: 1 vulnerability
    • Score 9.6: 1 vulnerability
    • Score 8.1: 1 vulnerability
    • Score 6.5: 1 vulnerability
    • Score 6.1: 2 vulnerabilities
    • Score 5.5: 1 vulnerability
    • Score 5.3: 1 vulnerability
    • Score 4.9: 1 vulnerability
    • Score 4.3: 3 vulnerabilities
    • Score 4.2: 1 vulnerability
    • Score 3.5: 2 vulnerabilities
    • Score 3.5: 1 vulnerability
    • Score 3.5: 1 vulnerability
  5. Distribution of Vulnerabilities by SAP Component:
    • BC-SRV-KPR-CMS: 1 vulnerability
    • BC-EIM-ESH: 1 vulnerability
    • BI-BIP-INV: 2 vulnerabilities
    • CA-UI5-SC: 1 vulnerability
    • CEC-SCC-PLA-PL: 1 vulnerability
    • EHS-SAF-GLM: 1 vulnerability
    • BC-SYB-REP: 1 vulnerability
    • BC-XI-IBD-INF: 1 vulnerability
    • BC-XI-IBC: 2 vulnerabilities
    • FIN-FSCM-CLM-BAM: 1 vulnerability
    • FI-FIO-AR-PAY: 1 vulnerability
    • BC-MID-AC: 1 vulnerability
    • BC-SRV-GBT-GOS: 1 vulnerability
    • FI-TV-ODT-MTR: 1 vulnerability

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies