CERT-In Advisory
CIAD-2024-0042
Multiple Vulnerabilities in SAP Products
Original Issue Date: September 02, 2024
Severity Rating: High
Software Affected
- SAP BusinessObjects Business Intelligence Platform
- SAP Build Apps
- SAP BEx Web Java Runtime Export Web Service
- SAP S/4 HANA, Library
- SAP NetWeaver AS Java
- SAP Commerce Cloud
- SAP Landscape Management
- SAP Replication Server
- SAP Document Builder
- SAP NetWeaver Application Server (ABAP and Java)
- SAP Web Dispatcher and SAP Content Server
- SAP Shared Service Framework
- SAP Business Warehouse - Business Planning and Simulation
- SAP BW/4HANA Transformation and Data Transfer Process
- SAP Commerce Backoffice
- SAP Commerce
- SAP CRM ABAP (Insights Management)
- SAP Business Workflow (WebFlow Services)
- SAP NetWeaver Application Server ABAP
- SAP Student LifeCycle Management (SLcM)
- SAP S/4 HANA
- SAP Student Life Cycle Management (SLcM)
- SAP Permit to Work
Overview
Multiple vulnerabilities have been reported in SAP products which could allow an attacker to escalate privileges, inject arbitrary code, disclose sensitive information, cause memory corruption, perform blind SSRF attacks, inject system logs, perform DoS attacks, perform cross-site scripting (XSS) attacks, redirect users to arbitrary URLs and bypass security restrictions on the targeted system.
Description
Multiple vulnerabilities have been reported in SAP products; details of which are provided below:
Solution
Apply appropriate fixes as mentioned in SAP Security Advisory:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html
CVE Name
CVE-2024-41730
CVE-2024-29415
CVE-2024-42374
CVE-2023-30533
CVE-2024-34688
CVE-2024-33003
CVE-2024-39593
CVE-2023-0215
CVE-2022-0778
CVE-2023-0286
CVE-2024-34683
CVE-2024-42376
CVE-2024-42377
CVE-2024-33005
CVE-2024-39594
CVE-2024-37176
CVE-2024-41735
CVE-2024-41733
CVE-2024-41737
CVE-2024-34689
CVE-2024-41732
CVE-2023-0023
CVE-2024-42375
CVE-2024-28166
CVE-2024-41731
CVE-2024-41736
CVE-2024-39591
CVE-2024-42373
CVE-2024-41734
CVE-2024-37180
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India