SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS Java User Management Engine, SAP BusinessObjects Web Intelligence, AP Asset Accounting, SAP Edge Integration Cell, SAP NetWeaver AS ABAP and ABAP Platform, AP Group Reporting Data Collection, SAP Employee Self Service, SAP S/4HANA, SAP NetWeaver, and SAP Business Connector.
The attacker could exploit some of these vulnerabilities to perform cross-site scripting attacks, obtain sensitive information, conduct denial of service attacks, or gain elevated privileges to the affected products.
Sample of the addressed vulnerabilities:
1. SAP NetWeaver AS Java User Management Engine Information Disclosure (CVE-2024-27899):
2. SAP Group Reporting Data Collection Privilege Escalation (CVE-2024-28167):
The enterprise should deploy this patch as soon as the testing phase is completed.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |