March 12, 2024 at 02:04PM
SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser and the lodash utility library, and a code injection flaw in NetWeaver AS Java. The update also includes three high-priority security notes and six notes for medium-severity vulnerabilities.
Key takeaways:
– SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day.
– Three of the notes are marked ‘hot news’ and resolve critical vulnerabilities in the Chromium browser in Business Client, in Build Apps, and in NetWeaver AS Java.
– The most severe update resolves 29 security defects in the Chromium browser, including two critical-severity bugs and 15 high-severity issues.
– A critical vulnerability in the lodash utility library in Build Apps, tracked as CVE-2019-10744, has a score of 9.4. The flaw allows attackers to run unauthorized commands on a system.
– There is also a code injection flaw in the Administrator Log Viewer plugin of NetWeaver AS Java, tracked as CVE-2024-22127, with a score of 9.1. The patch provides an extended list of prohibited file types to mitigate this vulnerability.
– SAP also published three high-priority security notes, including an update addressing an improper authentication flaw in Commerce Cloud, a denial-of-service bug in HANA XS Classic and HANA XS Advanced, and a path traversal issue in the central management console of the BusinessObjects Business Intelligence Platform.
– Six additional security notes address medium-severity vulnerabilities in NetWeaver, Fiori Front End Server, and ABAP Platform.