
URL: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html
Submission: On May 18 via api from IN — Scanned from DE


SAP SECURITY PATCH DAY – MAY 2024

This post shares information on Security Notes that remediate vulnerabilities
discovered in SAP products. SAP strongly recommends that customers apply these
patches as a priority to protect their SAP landscape.

On 14th of May 2024, SAP Security Patch Day saw the release of 14 new Security
Notes. Further, there were 3 updates to previously released Security Notes.



| Note# | Title | Severity | CVSS |
|---|---|---|---|
| 2622660 | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client; Product - SAP Business Client, Versions - 6.5, 7.0, 7.70 | Hot News | 10.0 |
| 3455438 | [CVE-2019-17495] Multiple vulnerabilities in SAP CX Commerce; Related CVE - CVE-2022-36364; Product - SAP Commerce, Version - HY_COM 2205 | Hot News | 9.8 |
| 3448171 | [CVE-2024-33006] File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform; Product - SAP NetWeaver Application Server ABAP and ABAP Platform, Versions - SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 | Hot News | 9.6 |
| 3431794 | [CVE-2024-28165] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform; Product - SAP BusinessObjects (Business Intelligence Platform), Versions - 430, 440 | High | 8.1 |
| 3441944 | [CVE-2024-32730] Missing authorization check in SAP Enable Now Manager; Product - SAP Enable Now, Version - 1704 | Medium | 6.5 |
| 3448445 | [CVE-2024-34687] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform; Product - SAP NetWeaver Application server for ABAP and ABAP Platform, Versions - SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 795, SAP_BASIS 796 | Medium | 6.5 |
| 3450286 | [CVE-2024-32733] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform; Product - SAP NetWeaver Application Server ABAP and ABAP Platform, Versions - SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 | Medium | 6.1 |
| 3460772 | [CVE-2024-33002] Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS); Product - SAP S/4HANA (Document Service Handler for DPS), Versions - SAP_BASIS 740, SAP_BASIS 750 | Medium | 6.1 |
| 3447467 | [CVE-2024-32731] Missing Authorization check in SAP My Travel Requests; Product - My Travel Requests, Version - 600 | Medium | 5.5 |
| 2745860 | Update to Security Note released on May 2021 Patch Day: Information Disclosure in Enterprise Services Repository of SAP Process Integration; Product - SAP Process Integration, Versions - MESSAGING 7.31, MESSAGING 7.40, MESSAGING 7.50, NWCEIDE 7.31, SAP_XIESR 7.31, SAP_XIESR 7.40, SAP_XIESR 7.50, SAP_XITOOL 7.31, SAP_XITOOL 7.40, SAP_XITOOL 7.50, SAP_XIAF 7.31, SAP_XIAF 7.40, SAP_XIAF 7.50, SAP_XIGUILIB 7.31, SAP_XIGUILIB 7.40, SAP_XIGUILIB 7.50 | Medium | 5.3 |
| 3349468 | [CVE-2024-33008] Memory Corruption vulnerability in SAP Replication Server; Product - SAP Replication Server, Versions - 16.0, 16.0.3, 16.0.4 | Medium | 4.9 |
| 3434666 | [Multiple CVEs] Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules); CVEs - CVE-2024-4139, CVE-2024-4138; Product - SAP S/4 HANA (Manage Bank Statement Reprocessing Rules), Versions - SAPSCORE 131, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108 | Medium | 4.3 |
| 3449093 | [CVE-2024-33004] Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices); Product - SAP BusinessObjects Business Intelligence Platform (Webservices), Versions - 430, 440 | Medium | 4.3 |
| 2174651 | Update to Security Note released on December 2017 Patch Day: Potential information disclosure relating to PI Integration Directory; Product - SAP Process Integration, Versions - MESSAGING 7.10, MESSAGING 7.11, MESSAGING 7.30, MESSAGING 7.31, MESSAGING 7.40, MESSAGING 7.50, NWCEIDE 7.31, SAP_XITOOL 7.00, SAP_XITOOL 7.01, SAP_XITOOL 7.02, SAP_XITOOL 7.10, SAP_XITOOL 7.11, SAP_XITOOL 7.30, SAP_XITOOL 7.31, SAP_XITOOL 7.40, SAP_XITOOL 7.50, SAP_XIAF 7.31, SAP_XIAF 7.40, SAP_XIAF 7.50, SAP_XIPCK 7.00, SAP_XIPCK 7.01, SAP_XIPCK 7.02, SAP_XIPCK 7.10, SAP_XIPCK 7.11, SAP_XIPCK 7.30 | Medium | 4.3 |
| 1938764 | [CVE-2024-33009] SQL injection vulnerability in SAP Global Label Management (GLM); Product - SAP Global Label Management (GLM), Versions - 605, 606, 616, 617 | Low | 3.7 |
| 3392049 | [CVE-2024-33000] Missing Authorization check in SAP Bank Account Management; Product - SAP Bank Account Management, Versions - 100, 101, 102, 103, 104, 105, 106, 107, 108 | Low | 3.5 |
| 3446076 | [CVE-2024-33007] Client-side script execution vulnerability in SAP UI5(PDFViewer); Product - SAPUI5, Versions - 754, 755, 756, 757, 758 | Low | 3.5 |

To learn more about the security researchers and research companies who
contributed to this month's security patches, visit here.

Archived blogs from previous years are available here.

If you have any comments or feedback about this post, you can write
to secure@sap.com.

SAP is committed to delivering trustworthy products and cloud services. Secure
configuration is essential to ensure secure operation and data integrity. We
have therefore documented security recommendations that are consolidated in this
document to help you configure the best security for your SAP portfolio.


