CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

SAP has released 10 new security notes on June 2024 Security Patch Day, including two addressing high-severity vulnerabilities. The post SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver appeared first on SecurityWeek.

Enterprise software maker SAP on Tuesday announced the release of ten new and two updated security notes as part of its June 2024 Security Patch Day.

SAP’s new set of patches includes two high-priority security notes, the most severe of which addresses a cross-site scripting (XSS) bug in Financial Consolidation.

According to application security firm Onapsis, the security note addresses two XSS flaws in SAP’s product, collectively tracked as CVE-2024-37177 (CVSS score of 8.1).

“The more critical one allows data to enter a web application through an untrusted source and manipulating web site content. This causes a high impact on the confidentiality and integrity of the application,” Onapsis explains.

The second high-priority note resolves a denial-of-service (DoS) vulnerability in SAP NetWeaver AS Java, tracked as CVE-2024-34688 (CVSS score of 7.5).

Impacting the NetWeaver AS Java’s Meta Model Repository services, the issue exists because access to these services was not restricted, allowing attackers to cause DoS conditions on the application and prevent legitimate users from using it, Onapsis says.

Eight of the remaining security notes released on SAP’s June 2024 Security Patch Day address medium-severity vulnerabilities in the NetWeaver and ABAP platform, Document Builder, S/4HANA, CRM, BW/4HANA Transformation and DTP, Student Life Cycle Management, and NetWeaver AS Java products.

Successful exploitation of these issues could result in DoS conditions, arbitrary file uploads, information disclosure, or data tampering.

The remaining two security notes, one new and one updated, resolve low-severity issues in BusinessObjects Business Intelligence Platform and Central Finance Infrastructure Components.

SAP makes no mention of any of these vulnerabilities being exploited in the wild, but attackers are known to have targeted flaws in SAP products for which patches had been released. Organizations are advised to update their installations as soon as possible.

Related: SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

Related: SAP Applications Increasingly in Attacker Crosshairs, Report Shows

Related: SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

Latest News

CYBERNEWSMEDIAPublisher