SAP Patches High-Severity Vulnerability in Web Dispatcher

November 12, 2024 at 08:24AM On November 2024 patch day, SAP released eight security notes, notably addressing a high-severity vulnerability in Web Dispatcher. This update highlights their ongoing efforts to enhance security measures. The information was reported by SecurityWeek. **Meeting Takeaways:** 1. **New Security Notes Released**: SAP has issued a total of eight new security … Read more

SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation … Read more

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were … Read more

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were … Read more

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in … Read more