SAP Patches Critical Vulnerability Exposing User, Business Data

February 14, 2024 at 05:21AM

SAP released 13 new and updated security notes addressing critical and high-severity vulnerabilities in its February 2024 Security Patch Day. The critical issue, CVE-2024-22131, allows unauthorized access and potential system unavailability. Customers are advised to apply patches promptly due to the risk of exploitation by threat actors targeting SAP products.

Key takeaways from SAP's February 2024 Security Patch Day:

1. SAP announced the release of 13 new and three updated security notes, addressing critical vulnerabilities and high-severity bugs in various SAP products.
2. A critical vulnerability in SAP ABA cross-application component (CVE-2024-22131) with a CVSS score of 9.1 was identified, allowing unauthorized remote execution that could lead to data manipulation and system unavailability.
3. The vulnerability impacts SAP ABA versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, and 75I, and SAP has addressed the flaw by adding configurable checks on external calls.
4. Other high-severity and medium-severity flaws were also resolved, including cross-site scripting (XSS) and XML External Entity (XXE) injection bugs, code injection defects, and improper certificate validation.
5. SAP also announced updates for a hot news note delivering patches for vulnerabilities in the Chrome browser for Business Client, addressing an information disclosure bug in NetWeaver Application Server ABAP, and fixing a directory traversal issue in Master Data Governance.
6. Users are advised to apply the patches as soon as possible, as threat actors have targeted vulnerabilities in SAP products in the past.
