June 11, 2024 at 08:03AM
SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were resolved. Organizations are advised to update installations promptly.
Based on the meeting notes, SAP has announced the release of ten new and two updated security notes as part of its June 2024 Security Patch Day. The new patches include two high-priority security notes addressing cross-site scripting (XSS) and denial-of-service (DoS) vulnerabilities. Additionally, eight medium-severity vulnerabilities and two low-severity issues have also been addressed.
The high-priority security notes resolve a cross-site scripting (XSS) bug in Financial Consolidation and a denial-of-service (DoS) vulnerability in SAP NetWeaver AS Java. The XSS flaw could impact application confidentiality and integrity, while the DoS vulnerability affects the NetWeaver AS Java’s Meta Model Repository services.
The remaining security notes address medium-severity vulnerabilities in the NetWeaver and ABAP platform, Document Builder, S/4HANA, CRM, BW/4HANA Transformation and DTP, Student Life Cycle Management, and NetWeaver AS Java products. These vulnerabilities could lead to DoS conditions, arbitrary file uploads, information disclosure, or data tampering.
Furthermore, there are two low-severity security notes addressing issues in BusinessObjects Business Intelligence Platform and Central Finance Infrastructure Components.
It’s important for organizations to update their SAP installations promptly to mitigate the risk of potential exploitation of these vulnerabilities.