SAP Security Patch Day: September 2024

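This page shares information about Security Notes that remediate vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape.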

On September 10, 2024, 16 new Security Notes were released on SAP Security Patch Day. In addition, there were 3 updates to previously released Security Notes.

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3479478 | Update to Security Note released on August 2024 Patch Day:<br>[CVE-2024-41730] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform<br>Product - SAP BusinessObjects Business Intelligence Platform, Versions - ENTERPRISE 430, 440 | Hot News | 9.8 |
| 3459935 | Update to Security Note released on August 2024 Patch Day:<br>[CVE-2024-33003] Information Disclosure Vulnerability in SAP Commerce Cloud<br>Product - SAP Commerce Cloud, Versions - HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205, COM_CLOUD 2211 | High | 7.4 |
| 3495876 | Update to Security Note released on August 2024 Patch Day:<br>[Multiple CVEs] Multiple vulnerabilities in SAP Replication Server (FOSS)<br>CVEs - CVE-2023-0215, CVE-2022-0778, CVE-2023-0286<br>Product - SAP Replication Server, Versions - 16.0.3, 16.0.4 | Medium | 6.5 |
| 3488341 | [CVE-2024-45286] Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)<br>Product - SAP Production and Revenue Accounting (Tobin interface), Versions - S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804, IS-PRA 805 | Medium | 6.5 |
| 3497347 | [CVE-2024-42378] Cross-Site Scripting (XSS) in eProcurement on S/4HANA<br>Product - SAP S/4HANA eProcurement, Versions - SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108 | Medium | 6.1 |
| 3501359 | [CVE-2024-45279] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)<br>Product - SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel), Versions - 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75I | Medium | 6.1 |
| 3477359 | [CVE-2024-45283] Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)<br>Product - SAP NetWeaver AS for Java (Destination Service), Versions - 7.50 | Medium | 6.0 |
| 3430336 | [CVE-2013-3587] Information Disclosure vulnerability in SAP Commerce Cloud<br>Product - SAP Commerce Cloud, Version - COM_CLOUD 2211 | Medium | 5.9 |
| 3425287 | [CVE-2024-45281] DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform<br>Product - SAP BusinessObjects Business Intelligence Platform, Version - 430 | Medium | 5.8 |
| 3488039 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform<br>CVEs - CVE-2024-42371, CVE-2024-44117, CVE-2024-45285, CVE-2024-42380, CVE-2024-44115, CVE-2024-44116<br>Product - SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 | Medium | 5.4 |
| 3505503 | [CVE-2024-45280] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)<br>Product - SAP NetWeaver AS Java (Logon Application), Version - 7.50 | Medium | 4.8 |
| 3498221 | [CVE-2024-44120] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal<br>Product - SAP NetWeaver Enterprise Portal, Version - 7.50 | Medium | 4.7 |
| 3481992 | [CVE-2024-44113] Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)<br>Product - SAP Business Warehouse (BEx Analyzer), Versions - DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757, SAP_BW 758 | Medium | 4.3 |
| 3481588 | [CVE-2024-41729] Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)<br>Product - SAP NetWeaver BW (BEx Analyzer), Versions - DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757, SAP_BW 758 | Medium | 4.3 |
| 3437585 | [CVE-2024-44121] Information Disclosure in SAP S/4 HANA (Statutory Reports)<br>Product - SAP S/4 HANA, Version - 900 | Medium | 4.3 |
| 3505293 | [CVE-2024-44112] Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)<br>Product - SAP for Oil & Gas, Versions - 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, 807 | Medium | 4.3 |
| 2256627 | [CVE-2024-45284] Missing authorization check in SAP Student Life Cycle Management (SLcM)<br>Product - SAP Student Life Cycle Management (SLcM), Versions - 617, 618, 800, 802, 803, 804, 805, 806, 807, 808 | Low | 2.7 |
| 3496410 | [CVE-2024-41728] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform<br>Product - SAP NetWeaver Application Server for ABAP and ABAP Platform, Version - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 | Low | 2.7 |
| 3507252 | [CVE-2024-44114] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform<br>Product - SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions - 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 | Low | 2.0 |

For details about the security researchers and research companies that have contributed to this month's security patches, see here.

Past archived blogs are available here.

If you have comments or feedback about this page, please contact secure@sap.com. (Please send inquiries in English.)

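SAP is committed to delivering trustworthy products and cloud services. Secure configuration is essential to ensure secure operation and data integrity. For this reason, the security recommendations consolidated in this document have been documented so that you can configure optimal security for your SAP portfolio.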