Multiple Vulnerabilities in SAP Products

ADVISORY!

TLP : CLEAR

Date : 02/09/2024

REF NO : CERT / 2024/09/78

Severity Level: High

Components Affected

SAP BusinessObjects Business Intelligence Platform
SAP Build Apps
SAP BEx Web Java Runtime Export Web Service
SAP S/4 HANA, Library
SAP NetWeaver AS Java
SAP Commerce Cloud
SAP Landscape Management
SAP Replication Server
SAP Document Builder
SAP NetWeaver Application Server (ABAP and Java)
SAP Web Dispatcher and SAP Content Server
SAP Shared Service Framework
SAP Business Warehouse – Business Planning and Simulation
SAP BW/4HANA Transformation and Data Transfer Process
SAP Commerce Backoffice
SAP Commerce
SAP CRM ABAP (Insights Management),
SAP Business Workflow (WebFlow Services)
SAP NetWeaver Application Server ABAP
SAP Student LifeCycle Management (SLcM)
SAP S/4 HANA
SAP Web Dispatcher and SAP Content Server
SAP Student Life Cycle Management (SLcM)
SAP Permit to Work

Overview

Multiple vulnerabilities have been reported in SAP Products which could allow an attacker to escalate privileges, inject arbitrary code, disclose sensitive information, cause memory corruption, perform blind SSRF attacks, inject system logs, perform DoS attacks, perform Cross site scripting (XSS) attacks, redirect users to arbitrary URL and bypass security restrictions on the targeted system.

Description

Multiple vulnerabilities have been reported in SAP products; details of which are provided below: