-
Product Related Assistance
Request product related support from SAP
-
Non-Product Related Assistance
Request for existing cases, user IDs, Portal navigation support and more
SAP Security Patch Day – October 2024
This post shares information on Security Notes that remediate vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape.
On 8th of October 2024, SAP Security Patch Day saw the release of 6 new Security Notes. Further, there were 6 updates to previously released Security Notes.
| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3479478 | Update to Security Note released on August 2024 Patch Day: Product - SAP BusinessObjects Business Intelligence Platform, Versions - ENTERPRISE 420, 430, 440 | Critical | 9.8 |
| 3523541 | [CVE-2022-23302] Multiple vulnerabilities in SAP Enterprise Project Connection Related CVEs - CVE-2024-22259, CVE-2024-38809, CVE-2024-38808 Product - SAP Enterprise Project Connection, Version - 3.0 | High | 8.0 |
| 3478615 | [CVE-2024-37179] Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) Product - SAP BusinessObjects Business Intelligence Platform (Web Intelligence), Version - ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430, 2025 | High | 7.7 |
| 3483344 | Update to Security Note released on July 2024 Patch Day: [CVE-2024-39592] Missing Authorization check in SAP PDCE Product- SAP PDCE, Versions - S4CORE 102, 103, S4COREOP 104, 105, 106, 107, 108 | High | 7.7 |
| 3477359 | Update to Security Note released on September 2024 Patch Day [CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) Product - SAP NetWeaver AS for Java (Destination Service), Versions - 7.50 | Medium | 6.0 |
| 3507545 | [CVE-2024-45278] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice Product - SAP Commerce Backoffice, Versions - HY_COM 2205, COM_CLOUD 2211 | Medium | 5.4 |
| 3503462 | [CVE-2024-47594] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) Product - SAP NetWeaver Enterprise Portal (KMC), Version - KMC-BC 7.5 | Medium | 5.4 |
| 3520100 | [CVE-2024-45277] Prototype Pollution vulnerability in SAP HANA Client Product - SAP HANA Client, Version - HDB_CLIENT 2.0 | Medium | 4.3 |
| 3251893 | [CVE-2024-45282] HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) Product - SAP S/4 HANA (Manage Bank Statements), Versions – S4CORE, 102, 103, 104, 105, 106, 107 | Medium | 4.3 |
| 3481588 | Update to Security Note released on September 2024 Patch Day: [CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) Product- SAP NetWeaver BW (BEx Analyzer), Versions – DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757, SAP_BW 758 | Medium | 4.3 |
| 3479293 | Update to Security Note released on August 2024 Patch Day: [CVE-2024-42373] Missing Authorization Check in SAP Student Life Cycle Management (SLcM) Product - SAP Student Life Cycle Management (SLcM), Versions – IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807, 808 | Medium | 4.3 |
| 3454858 | Update to Security Note released on July 2024 Patch Day: [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Product - SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions - SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 | Medium | 4.1 |
To know more about the security researchers and research companies who have contributed for security patches of this month, visit here.
Archived blogs from previous years are available here.
If you have any comments or feedback about this post, you can write to secure@sap.com.
SAP is committed to deliver trustworthy products and cloud services. Secure configuration is essential to ensure secure operation and data integrity. We have therefore documented security recommendations that are consolidated in this document to help you configure the best security for your SAP portfolio.