- 277/2024
- High
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform, SAP Enterprise Project Connection, SAP PDCE, SAP NetWeaver, SAP Commerce Backoffice, SAP HANA Client, SAP S/4 HANA, SAP Student Life Cycle Management (SLcM).
The attacker could exploit some of these vulnerabilities to bypass security restrictions, obtain sensitive information, perform cross-site scripting, gain elevated privileges, or perform a denial of services attack on the affected products.
Sample of the addressed vulnerabilities:
1. SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability (CVE-2024-37179):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
2. SAP Commerce Backoffice Cross-Site Scripting Vulnerability (CVE-2024- 45278):
- CVSS: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.