Summary: SAP has released eight new security notes and two updates addressing critical vulnerabilities in various products, including XSS and missing authorization checks. Key vulnerabilities include CVE-2024-47590 and CVE-2024-39592, which pose significant risks to user data and system integrity.
Threat Actor: Unknown
Victim: SAP Users
Key Points:
- SAP has released eight new security notes addressing critical vulnerabilities across its products.
- CVE-2024-47590 is a High priority XSS vulnerability in SAP Web Dispatcher with a CVSS score of 8.8.
- CVE-2024-39592 involves a missing authorization check in SAP PDCE, rated with a CVSS score of 7.7.
- Organizations are urged to apply patches promptly to mitigate risks of exploitation.
- Detailed information and remediation steps are available on SAP’s official security portal.
SAP has released eight new security notes and two updates to previously released notes in its November 2024 Security Patch Day, addressing critical vulnerabilities across various products.
The security notes cover a range of vulnerability classes, including cross-site scripting (XSS), missing authorization checks, local privilege escalation, information disclosure, and NULL pointer dereference. The affected products include SAP Web Dispatcher, SAP PDCE, SAP NetWeaver AS Java, SAP Host Agent, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP NetWeaver Java (Software Update Manager), and SAP Cash Management.
Among the released notes, CVE-2024-47590, an XSS vulnerability in SAP Web Dispatcher, is rated as High priority with a CVSS score of 8.8. This vulnerability could allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to data theft or session hijacking.
Another High priority vulnerability, CVE-2024-39592, relates to a missing authorization check in SAP PDCE and has a CVSS score of 7.7. This vulnerability could allow unauthorized access to sensitive data or functionalities.
SAP strongly recommends that organizations apply these patches promptly to secure their systems against potential exploitation. Administrators are encouraged to review each Security Note and update SAP products to the latest patched versions to mitigate risks.
For detailed information, users can access SAP’s official security portal, where each vulnerability is documented with further remediation steps. By staying proactive with these updates, organizations can protect their SAP infrastructure from unauthorized access, data breaches, and other security threats.
Source: https://securityonline.info/sap-patches-multiple-vulnerabilities-in-november-2024-security-patch-day