- 05/2024
- High
SAP has released security updates to address several vulnerabilities affecting multiple products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP Application Interface Framework, SAP S/4HANA Finance, SAP Web Dispatcher, SAP NetWeaver Application Server ABAP, and ABAP Platform.
The attacker could exploit some of these vulnerabilities to bypass security restrictions, escalate privilege, obtain sensitive information, perform cross-site scripting, or execute OS commands and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Code Injection Vulnerability in SAP Application Interface Framework (CVE- 2024-21737):
- CVSS: 8.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Information Disclosure Vulnerability in Microsoft Edge Browser Extension (CVE-2024-22125):
- CVSS: 7.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.