SAP Security Patch Addresses Privilege Escalation Flaw

SAP is a main enterprise machine suite that integrates various commercial capabilities respect:-

• Finance
• Human resources
• Present chain management

This famed enterprise machine suite helps organizations to:-

• Streamline processes
• Enhance effectivity
• Build details-pushed choices

Not too lengthy prior to now, on a security whine, the German multinational machine firm SAP released a security patch for vulnerabilities respect privilege escalation flaws discovered in SAP merchandise.

SAP Security Patch

To present protection to the SAP landscape, SAP told customers to visit the SAP Toughen Portal without prolong and tell the newly released security patches.

Be particular SAP machine security through customary SAP Security Patch Days every 2nd Tuesday synchronized with well-known vendors.

Right here beneath, we respect talked about the overall security researchers who respect contributed to security patches this month:-

• Ahmed Hamza
• Amin ACHOUR
• Dzianis Skliar
• Fabian Lupa
• Ignacio Oliva
• Yvan Genuer
• Joris van de Vis
• Barhaam
• Wouter van der Houven

Right here beneath, we respect talked about the overall companies which respect contributed to security patches this month:-

• Onapsis Study Labs
• SecurityBridge
• TTG Cyber

Turning in reliable merchandise and cloud companies is SAP’s utmost dedication and priority. For details integrity and rep functioning, rep setup is a in actual fact essential ingredient.

Vulnerabilities which shall be mounted on this patch:-

• CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in capabilities developed through SAP Industry Application Studio, SAP Web IDE Fats-Stack, and SAP Web IDE for SAP HANA
• CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
• CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Edge Integration Cell
• CVE-2023-49583 (CVSS 9.1): Escalation of Privileges in SAP Industry Abilities Platform (BTP) Security Services and products Integration Libraries
• CVE-2023-50422 (CVSS 9.1): Escalation of Privileges in SAP Industry Abilities Platform (BTP) Security Services and products Integration Libraries
• CVE-2023-50423 (CVSS 9.1): Escalation of Privileges in SAP Industry Abilities Platform (BTP) Security Services and products Integration Libraries
• CVE-2023-50424 (CVSS 9.1): Escalation of Privileges in SAP Industry Abilities Platform (BTP) Security Services and products Integration Libraries
• CVE-2024-21737 (CVSS 8.4): Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
• CVE-2023-44487 (CVSS 7.5): Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform
• CVE-2024-22125 (CVSS 7.4): Files Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
• CVE-2024-21735 (CVSS 7.3): Wrong Authorization register SAP LT Replication Server
• CVE-2024-21736 (CVSS 6.4): Lacking Authorization register SAP S/4HANA Finance (Progressed Price Administration)
• CVE-2023-31405 (CVSS 5.3): Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
• CVE-2024-21738 (CVSS 4.1): Imperfect-Region Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
• CVE-2024-22124 (CVSS 4.1): Files Disclosure vulnerability in SAP NetWeaver Files superhighway Conversation Supervisor
• CVE-2024-21734 (CVSS 3.7): URL Redirection vulnerability in SAP Marketing (Contacts App)

Are trying Kelltron’s price-efficient for free to evaluate and check the security posture of digital systems