SAP Patch Day: October 2024

Assessing Your SAP Implementation: Tips from Onapsis Research Labs

Learn how the S_ICF authorization object in SAP ABAP systems enhances security by restricting access to RFC destinations,...

SAP Patch Day: September 2024

Get the latest SAP security updates for August 2024. Find out about the HotNews and High Priority Notes, and the vulnerabilities...

Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization

Learn how the S_ICF authorization object in SAP ABAP systems enhances security by restricting access to RFC destinations,...

SAP Note	Type	Description	Priority	CVSS
3479478	Update	[CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform BI-BIP-INV	HotNews	9.8
3523541	New	[CVE-2022-23302] Multiple vulnerabilities in SAP Enterprise Project Connection CA-EPC	High	8.0
3478615	New	[CVE-2024-37179] Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) BI-RA-WBI-BE	High	7.7
3483344	Update	[CVE-2024-39592] Missing Authorization check in SAP PDCE FIN-BA	High	7.7
3477359	Update	[CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) BC-JAS-SEC-DST	Medium	6.0
3507545	New	[CVE-2024-45278] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice CEC-SCC-CDM-BO-APP	Medium	5.4
3503462	New	[CVE-2024-47594] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) EP-KM-ADM-CFG	Medium	5.4
3520100	New	[CVE-2024-45277] Prototype Pollution vulnerability in SAP HANA Client HAN-DB-CLI	Medium	4.3
3251893	New	[CVE-2024-45282] HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) FI-FIO-AR	Medium	4.3
3481588	Update	[CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) BW-BEX-ET-WB-7X	Medium	4.3
3479293	Update	[CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM) IS-HER-CM-AD	Medium	4.3
3454858	Update	[CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform BC-SRV-DX-DXW	Medium	4.1

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

CH4TTER: Threat Actors Attacking SAP Applications

Anatomy of an Attack: C2 Incident on SAP

Your S/4HANA Cloud Journey

SAP Patch Day: October 2024

Tags

About the Author

Assessing Your SAP Implementation: Tips from Onapsis Research Labs

SAP Patch Day: September 2024

Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization