www.sap.com Open in urlscan Pro
2a02:26f0:6c00:183::1e22  Public Scan

URL: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Submission: On February 27 via api from US — Scanned from DE

SAP PATCH DAY BLOG

This file lists what security notes were published on a certain Patch Day.
SAP Security Patch Day – February 2023

OBJECTIVE:
This post shares information on Security Notes that remediate vulnerabilities discovered in SAP products.
SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape.
To know more about the security researchers and research companies who have contributed to this month's security patches, visit here.
SAP is committed to delivering trustworthy products and cloud services. Secure configuration is essential to ensuring secure operation and data integrity. We have therefore documented security recommendations that are consolidated in this document to help you configure the best security for your SAP portfolio.
Archived blogs from 2022 are available here.
If you have any comments or feedback about this post, you can write to secure@sap.com.

FEBRUARY 2023
On 14th of February 2023, SAP Security Patch Day saw the release of 21 new Security Notes. Further, there were 5 updates to previously released Security Notes.

| Note# | Title | Product and versions | Priority | CVSS |
|---|---|---|---|---|
| 2622660 | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client | SAP Business Client, Versions - 6.5, 7.0, 7.70 | Hot News | 10.0 |
| 3285757 | [CVE-2023-24523] Privilege Escalation vulnerability in SAP Start Service | SAP Host Agent Service, Versions - 7.21, 7.22 | High | 8.8 |
| 3268172 | Update to Security Note released on December 2022 Patch Day: [CVE-2022-41264] Code Injection vulnerability in SAP BASIS | SAP BASIS, Versions - 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 | High | 8.8 |
| 3263135 | [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP), Versions - 420, 430 | High | 8.5 |
| 3271091 | Update to Security Note released on December 2022 Patch Day: [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | SAP Business Planning and Consolidation, Versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810 | High | 8.5 |
| 3256787 | [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) | SAP BusinessObjects Business Intelligence platform (CMC), Versions - 420, 430 | High | 8.4 |
| 3265846 | [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application) | SAP Solution Manager (BSP Application), Version - 720 | Medium | 6.5 |
| 3267442 | [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application) | SAP Solution Manager (BSP Application), Version - 720 | Medium | 6.5 |
| 3270509 | [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager | SAP Solution Manager, Version - 720 | Medium | 6.5 |
| 3281724 | [CVE-2023-0019] Missing Authorization check in GRC function modules | SAP GRC Process Control application, Versions - GRCFND_A V1200, V8100, GRCPINW V1100_700, V1100_731, V1200_750 | Medium | 6.5 |
| 3290901 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) | SAP Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests), Version - 600 | Medium | 6.5 |
| 2985905 | [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data | SAP S/4 HANA (Map Treasury Correspondence Format Data), Versions - 104, 105 | Medium | 6.5 |
| 3266751 | [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2 | SAP Solution Manager, Version - 720 | Medium | 6.1 |
| 3268959 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform; CVEs - CVE-2023-23859, CVE-2023-23860 | SAP NetWeaver AS for ABAP and ABAP Platform, Version - 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 | Medium | 6.1 |
| 3271227 | [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions - 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 | Medium | 6.1 |
| 3282663 | [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application) | SAP NetWeaver AS ABAP (Business Server Pages application), Version - 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H | Medium | 6.1 |
| 3293786 | [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | SAP NetWeaver AS for ABAP and ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755, 756, 757 | Medium | 6.1 |
| 3262544 | Update to Security Note released on December 2022 Patch Day: [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) | SAP NetWeaver AS for Java (Http Provider Service), Version - 7.50 | Medium | 6.1 |
| 3274585 | [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | SAP NetWeaver AS ABAP (BSP Framework), Version - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | Medium | 6.1 |
| 3269151 | [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | SAP NetWeaver AS ABAP (BSP Framework), Version - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | Medium | 6.1 |
| 3269118 | [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) | SAP NetWeaver AS ABAP (BSP Framework), Version - 700, 701, 702, 731, 740 | Medium | 6.1 |
| 3283283 | Update to Security Note released on January 2023 Patch Day: [CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | SAP NetWeaver AS for ABAP and ABAP Platform, Version - 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | Medium | 6.1 |
| 3275841 | [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation | SAP Business Planning and Consolidation, Versions - 200, 300 | Medium | 5.4 |
| 3263863 | [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface | SAP BusinessObjects Business Intelligence (Web Intelligence UI), Version - 430 | Medium | 4.3 |
| 2788178 | [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | SAP CRM (WebClient UI), Versions - 700, 701, 702, 731, 740, 750, 751, 752, WEBCUIF 748, 800, 801, S4FND 102, 103 | Medium | 4.3 |
| 3287291 | [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752 | Medium | 3.8 |

JANUARY 2023
On 10th of January 2023, SAP Security Patch Day saw the release of 9 new Security Notes. Further, there were 3 updates to previously released Security Notes.

| Note# | Title | Product and versions | Priority | CVSS |
|---|---|---|---|---|
| 3275391 | [CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS | SAP BPC MS 10.0, Versions - 800, 810 | Hot News | 9.9 |
| 3262810 | [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) | SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP), Versions - 420, 430 | Hot News | 9.9 |
| 3273480 | Update to Security Note released on December 2022 Patch Day: [CVE-2022-41272] Improper access control in SAP NetWeaver Process Integration (User Defined Search) | SAP NetWeaver Process Integration, Version - 7.50 | Hot News | 9.9 |
| 3243924 | Update to Security Note released on November 2022 Patch Day: [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad), Versions - 4.2, 4.3 | Hot News | 9.9 |
| 3267780 | Update to Security Note released on December 2022 Patch Day: [CVE-2022-41271] Improper access control in SAP NetWeaver Process Integration (Messaging System) | SAP NetWeaver Process Integration, Version - 7.50 | Hot News | 9.4 |
| 3268093 | [CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java | SAP NetWeaver AS for Java, Version - 7.50 | Hot News | 9.4 |