SAP Releases 16 New Security Notes on September 2024 Patch Day

Share This Post

Enterprise software maker SAP on Tuesday announced the release of 16 new and three updated security notes as part of its September 2024 Security Patch Day.

At the top of this month’s list of security notes are the three updates, all for notes released in August 2024 to resolve critical-, high- and medium-severity vulnerabilities.

The first of them, a hot news note that resolves a missing authorization check in BusinessObjects (CVE-2024-41730, CVSS score of 9.8), was updated with workaround instructions for customers who cannot apply the available patches, enterprise application security firm Onapsis explains.

The second, addressing a high-severity information disclosure bug in Commerce Cloud (CVE-2024-33003, CVSS score of 7.4), updates the fixed version of the affected application.

SAP also updated a medium-priority note that patches multiple security defects in Replication Server (FOSS), and released 13 other security notes fixing medium-severity flaws in NetWeaver, Commerce Cloud, BusinessObjects, Business Warehouse, S/4 HANA, and SAP for Oil & Gas.

The resolved issues include cross-site scripting (XSS), information disclosure, DLL hijacking, and missing authorization check vulnerabilities that could impact the availability, confidentiality, and integrity of the applications.

One of the notes addresses six missing authorization check flaws in NetWeaver, including one that “allows a low privileged attacker to send a crafted packet in the vulnerable function module targeting a specific user. This user will no longer have access to any functionality of SAP GUI and will thus experience a total loss of application availability,” Onapsis says.

The remaining three security notes that SAP released this month resolve low-severity missing authorization check flaws in Student Life Cycle Management (SLcM) and NetWeaver Application Server for ABAP and ABAP Platform.

Advertisement. Scroll to continue reading.

SAP makes no mention of any of these vulnerabilities being exploited in the wild. Users are advised to review SAP’s security notes and apply the fixes as soon as possible.

Related: SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

Related: 38 Tech Leaders Sign Cyber Resilience Pledge

Related: Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications

Related: In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .