SAP Security Patch Day is a monthly event during which SAP releases security updates for their software products. These updates address potential vulnerabilities and security issues in SAP systems, and help ensure the safe and secure operation of the software.
SAP released the following security notes. There are 4 High, 17 Medium, 1 Low, and 1 HotNews Update of Google Chrome.
SAPNOTE | Title | CVSS Score | Priority |
2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10,0 | HotNews |
3271091 | [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | High priority |
3256787 | [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) | 8,4 | High priority |
3287291 | [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 3,8 | Low priority |
3285757 | [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service) | 8,8 | High priority |
2788178 | [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 4,3 | Medium priority |
2985905 | [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data | 6,5 | Medium priority |
3275841 | [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation | 5,4 | Medium priority |
3293786 | [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | Medium priority |
3281724 | [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control) | 6,5 | Medium priority |
3290901 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) | 6,5 | Medium priority |
3282663 | [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application) | 6,1 | Medium priority |
3274585 | [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | Medium priority |
3269118 | [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | Medium priority |
3269151 | [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | 6,1 | Medium priority |
3271227 | [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,1 | Medium priority |
3268959 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | Medium priority |
3266751 | [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2 | 6,1 | Medium priority |
3265846 | [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | Medium priority |
3267442 | [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application) | 6,5 | Medium priority |
3270509 | [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager | 6,5 | Medium priority |
3263135 | [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | 8,5 | High priority |
3263863 | [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface | 4,3 | Medium priority |