- Vulnerability: Multiple vulnerabilities in SAP CX Commerce
- SAP Component: CEC-SCC-PLA-PL
- CVE ID: CVE-2019-17495
- CVSS Score: 9.8
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Category: Program error
- Priority: HotNews
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
- SAP Component: BC-SRV-KPR-CMS
- CVE ID: CVE-2024-33006
- CVSS Score: 9.6
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Category: Program error
- Priority: HotNews
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
- SAP Component: BI-BIP-INV
- CVE ID: CVE-2024-28165
- CVSS Score: 8.1
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Category: Program error
- Priority: Correction with high priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Information Disclosure in Enterprise Services Repository of SAP Process Integration
- SAP Component: BC-XI-IBD-INF
- CVE ID: (Not provided)
- CVSS Score: 5.3
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 11.05.2021
- Vulnerability: Missing Authorization check in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
- SAP Component: FI-FIO-AR-PAY
- CVE ID: Multiple CVEs
- CVSS Score: 4.3
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: SQL injection vulnerability in SAP Global Label Management (GLM)
- SAP Component: EHS-SAF-GLM
- CVE ID: CVE-2024-33009
- CVSS Score: 4.2
- CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Memory Corruption vulnerability in SAP Replication Server
- SAP Component: BC-SYB-REP
- CVE ID: CVE-2024-33008
- CVSS Score: 4.9
- CVSS Vector: CVSS:/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Potential information disclosure relating to PI Integration Directory
- SAP Component: BC-XI-IBC
- CVE ID: (Not provided)
- CVSS Score: 4.3
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 07.12.2017
- Vulnerability: Missing Authorization check in SAP My Travel Requests
- SAP Component: FI-TV-ODT-MTR
- CVE ID: CVE-2024-32731
- CVSS Score: 5.5
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
- SAP Component: BC-MID-AC
- CVE ID: CVE-2024-32733
- CVSS Score: 6.1
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
- SAP Component: BC-SRV-GBT-GOS
- CVE ID: CVE-2024-34687
- CVSS Score: 6.5
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS)
- SAP Component: BC-EIM-ESH
- CVE ID: CVE-2024-33002
- CVSS Score: 6.1
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Client-side script execution vulnerability in SAP UI5 (PDFViewer)
- SAP Component: CA-UI5-SC
- CVE ID: CVE-2024-33007
- CVSS Score: 3.5
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Category: Program error
- Priority: Correction with low priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Missing Authorization check in SAP Bank Account Management
- SAP Component: FIN-FSCM-CLM-BAM
- CVE ID: CVE-2024-33000
- CVSS Score: 3.5
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Category: Program error
- Priority: Correction with low priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
- SAP Component: BI-BIP-INV
- CVE ID: CVE-2024-33004
- CVSS Score: 4.3
- CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 14.05.2024
- Vulnerability: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
- SAP Component: BC-XI-IBC
- CVE ID: (Not provided)
- CVSS Score: 4.3
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Category: Program error
- Priority: Correction with medium priority
- Released On: 14.05.2024
- First Released On: 07.12.2017
May 2024 SAP Security Patch Day Highlights:
- Total Number of Vulnerabilities: 16
- Distribution of Vulnerabilities by Priority:
- HotNews: 2 vulnerabilities
- Correction with high priority: 1 vulnerability
- Correction with medium priority: 9 vulnerabilities
- Correction with low priority: 3 vulnerabilities
- Not specified: 1 vulnerability
- Distribution of Vulnerabilities by Category:
- Program error: 16 vulnerabilities
- Distribution of Vulnerabilities by CVSS Score:
- Score 9.8: 1 vulnerability
- Score 9.6: 1 vulnerability
- Score 8.1: 1 vulnerability
- Score 6.5: 1 vulnerability
- Score 6.1: 2 vulnerabilities
- Score 5.5: 1 vulnerability
- Score 5.3: 1 vulnerability
- Score 4.9: 1 vulnerability
- Score 4.3: 3 vulnerabilities
- Score 4.2: 1 vulnerability
- Score 3.5: 2 vulnerabilities
- Score 3.5: 1 vulnerability
- Score 3.5: 1 vulnerability
- Distribution of Vulnerabilities by SAP Component:
- BC-SRV-KPR-CMS: 1 vulnerability
- BC-EIM-ESH: 1 vulnerability
- BI-BIP-INV: 2 vulnerabilities
- CA-UI5-SC: 1 vulnerability
- CEC-SCC-PLA-PL: 1 vulnerability
- EHS-SAF-GLM: 1 vulnerability
- BC-SYB-REP: 1 vulnerability
- BC-XI-IBD-INF: 1 vulnerability
- BC-XI-IBC: 2 vulnerabilities
- FIN-FSCM-CLM-BAM: 1 vulnerability
- FI-FIO-AR-PAY: 1 vulnerability
- BC-MID-AC: 1 vulnerability
- BC-SRV-GBT-GOS: 1 vulnerability
- FI-TV-ODT-MTR: 1 vulnerability
