SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

May 14, 2024 at 11:03AM

SAP released 14 new and three updated security notes for May 2024 Security Patch Day. Two new and one updated note are of highest severity, addressing critical flaws in Business Client, CX Commerce, and NetWeaver. These include vulnerabilities such as CSS injection and remote code execution. SAP advises customers to apply patches promptly.

From the meeting notes, key takeaways are:

– SAP has released 14 new and three updated security notes as part of its May 2024 Security Patch Day.
– Two new and one updated security notes are rated as ‘hot news’, addressing critical flaws in Business Client, CX Commerce, and NetWeaver Application Server ABAP and ABAP Platform.
– The hot news security notes resolve vulnerabilities such as CSS injection issue, remote code execution flaw, and a file upload bug, with various CVSS scores.
– The remaining 13 security notes address medium- and low-severity issues in various SAP products.
– SAP customers are advised to apply the security notes as soon as possible.

These are the main points from the meeting notes. Let me know if you need further information or details!

Full Article