SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM

SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were …

SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

May 14, 2024 at 11:03AM

SAP released 14 new and three updated security notes for May 2024 Security Patch Day. Two new and one updated note are of highest severity, addressing critical flaws in Business Client, CX Commerce, and NetWeaver. These include vulnerabilities such as CSS injection and remote code execution. SAP advises customers to …

SAP Patches Critical Command Injection Vulnerabilities

March 12, 2024 at 02:04PM

SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser, the lodash utility library, and a code injection flaw in NetWeaver AS Java. The …

SAP Patches Critical Vulnerability Exposing User, Business Data

February 14, 2024 at 05:21AM

SAP released 13 new and updated security notes addressing critical and high-severity vulnerabilities in its February 2024 Security Patch Day. The critical issue, CVE-2024-22131, allows unauthorized access and potential system unavailability. Customers are advised to apply patches promptly due to the risk of exploitation by threat actors targeting SAP products. …

SAP Patches Critical Vulnerability in Business Technology Platform

December 12, 2023 at 02:06PM

SAP announced 15 new and two updated security notes in its December 2023 Security Patch Day. This includes ‘hot news’ notes addressing vulnerabilities in SAP Business Technology Platform, Business Client, and OS command injection flaws in SAP ECC and SAP S/4HANA. Various other high and medium-priority issues were also resolved. …