- 84/2024
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS ABAP, SAP NetWeaver WSRM, SAP Fiori Front End Server, and SAP ABAP Platform.
The attacker could exploit some of these vulnerabilities to bypass security restrictions, obtain sensitive information, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Code Injection Vulnerability in SAP NetWeaver AS Java (CVE-2024-22127):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP (CVE- 2024-27902):
- CVSS: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2019-10744
- CVE-2024-22127
- CVE-2023-39439
- CVE-2024-27900
- CVE-2023-44487
- CVE-2023-50164
- CVE-2024-27902
- CVE-2024-25644
- CVE-2024-25645
- CVE-2024-28163
- CVE-2024-22133
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.