Patchday: SAP equips enterprise software against possible attacks
Important security updates have been released for SAP Commerce and NetWeaver, among others.
Attackers can target SAP's enterprise software and gain access to information that should be sealed off. The software manufacturer has now released security patches for several applications.
The most dangerous gaps
In a warning message, the developers write that attackers can, for example, use a vulnerability (CVE-2024-39592, "high") in Product Design Cost Estimation (PDCE) to access sensitive data. This works because the authorizations of logged-in users are not checked.
Another vulnerability (CVE-2024-39597) with a "high" threat level concerns Commerce. Here, attackers can abuse the forgot password function to gain access to certain pages.
The remaining vulnerabilities affect Business Warehouse, Business Workflow, CRM WebClient UI, Document Builder, Enable Now, GUI for Windows, Landscape Builder, NetWeaver Application Server, NetWeaver Knowledge Management XMLEditor, and S/4HANA Finance. The vulnerabilities are classified as "medium". If attacks are successful, attackers can upload their own files, among other things.
(des)