SAP Patchday: Six newly reported security vulnerabilities in business software

SAP's October patch day brings few updates. The developers closed six new vulnerabilities, two of which are high-risk.


SAP admins have less work than usual in October: the Walldorf-based developers are only patching six new vulnerabilities in the business software. They are also updating the security notes for six older vulnerabilities.

The developers list the affected products in SAP's patchday overview. They classify two newly discovered vulnerabilities as high risk and four others as medium risk. The updated security notes range in risk from medium to critical.

SAP is closing new vulnerabilities in the following products with updated software:

  • SAP Enterprise Project Connection (CVE-2022-23302, CVE-2024-22259, CVE-2024-38809, CVE-2024-38808; CVSS 8.0, high)
  • SAP BusinessObjects Business Intelligence Platform (Web Intelligence) (CVE-2024-37179, CVSS 7.7, high)
  • SAP Commerce Backoffice (CVE-2024-45278, CVSS 5.4, medium)
  • SAP NetWeaver Enterprise Portal (KMC) (CVE-2024-47594, CVSS 5.4, medium)
  • SAP HANA Client (CVE-2024-45277, CVSS 4.3, medium)
  • SAP S/4 HANA (Manage Bank Statements) (CVE-2024-45282, CVSS 4.3, medium)

In the SAP overview, the programmers link to the specific security notes on the vulnerabilities. IT managers can access them after logging into their SAP accounts.

SAP has also updated security notes from previous patchdays. They concern SAP BusinessObjects Business Intelligence Platform (CVE-2024-41730, CVSS 9.8, critical) and SAP PDCE (CVE-2024-39592, CVSS 7.7, high). There were also updates to the notes on medium-risk vulnerabilities in SAP NetWeaver AS for Java (Destination Service), SAP NetWeaver BW (BEx Analyzer), SAP Student Life Cycle Management (SLcM) and SAP NetWeaver Application Server for ABAP and ABAP Platform.

Admins should apply the available updates promptly for products used in their own organization.

In September, the SAP patch day was much more extensive. The developers fixed 16 new vulnerabilities in the business software.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.