SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day.
Two new and one updated security notes are rated 'hot news', the highest severity in SAP's playbook, addressing critical flaws in Business Client, CX Commerce, and NetWeaver Application Server ABAP and ABAP Platform.
The first of the hot news security notes resolves two vulnerabilities in Customer Experience Commerce, both impacting third-party libraries in SAP's product.
The most severe of the bugs is CVE-2019-17495, a CSS injection issue in Swagger UI leading to CSS-based input field value exfiltration using the Relative Path Overwrite technique.
SAP also patched CVE-2022-36364, a remote code execution flaw in the Apache Calcite Avatica library, which exists because the library's JDBC driver does not perform sufficient checks for expected interfaces before instantiating HTTP client instances.
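The class of defect described for the Avatica driver, an added illustration that is not SAP's or Apache Calcite Avatica's code: a hypothetical JDBC-style loader that instantiates whatever class a connection property names, shown first without and then with the interface check that stops unrelated classes from being loaded and constructed. The `httpclient_impl` property name, the `HttpClient` interface and the sample classes are assumptions.

```java
import java.lang.reflect.Constructor;
import java.net.URI;
import java.net.URL;
import java.util.Properties;

// Hypothetical contract standing in for the driver's expected HTTP client interface.
interface HttpClient { String send(String request); }

public class HttpClientLoader {
    // Vulnerable pattern: whatever class the property names is loaded (static initialisers
    // run) and constructed (its constructor runs) before anything checks what it is.
    static Object loadUnchecked(Properties props, URL url) throws Exception {
        Class<?> cls = Class.forName(props.getProperty("httpclient_impl"));
        Constructor<?> ctor = cls.getConstructor(URL.class);
        return ctor.newInstance(url);
    }

    // Hardened pattern: resolve the class without initialising it, prove it implements
    // the expected interface, and only then let any of its code run.
    static HttpClient loadChecked(Properties props, URL url) throws Exception {
        String name = props.getProperty("httpclient_impl");
        Class<?> cls = Class.forName(name, false, HttpClientLoader.class.getClassLoader());
        if (!HttpClient.class.isAssignableFrom(cls)) {
            throw new IllegalArgumentException(name + " does not implement HttpClient");
        }
        Constructor<? extends HttpClient> ctor =
            cls.asSubclass(HttpClient.class).getConstructor(URL.class);
        return ctor.newInstance(url);
    }

    // Legitimate implementation (constructed sample).
    public static class DefaultClient implements HttpClient {
        public DefaultClient(URL url) {}
        public String send(String request) { return "sent " + request; }
    }

    // Unrelated class with a matching constructor: stands in for any classpath class
    // whose constructor or static initialiser has side effects (constructed sample).
    public static class NotAClient {
        public NotAClient(URL url) { System.out.println("NotAClient constructor ran"); }
    }

    public static void main(String[] args) throws Exception {
        URL url = URI.create("http://localhost:8765").toURL();
        Properties props = new Properties();
        props.setProperty("httpclient_impl", NotAClient.class.getName());
        loadUnchecked(props, url);            // NotAClient's constructor executes here
        try { loadChecked(props, url); }      // rejected before its constructor can run
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        props.setProperty("httpclient_impl", DefaultClient.class.getName());
        System.out.println(loadChecked(props, url).send("ping"));
    }
}
```

The same pattern applies to any reflective loading driven by connection strings or configuration: check `isAssignableFrom` against the expected type before `newInstance`, and load with `initialize=false` so the check precedes any code from the named class.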
The second new hot news note released on SAP's May 2024 Security Patch Day resolves CVE-2024-33006, a file upload bug in NetWeaver that exists because a signature check for two content repositories is missing.
The updated hot news security note delivers the latest security updates for the Chromium-based browser in SAP Business Client, addressing a total of 23 vulnerabilities, including three high-severity bugs.
On Tuesday, SAP also announced patches for a high-severity cross-site scripting vulnerability in BusinessObjects Business Intelligence Platform, which exists because user input is not sufficiently sanitized, allowing an attacker to control a parameter in the Opendocument URL. The remaining 13 security notes resolve medium- and low-severity issues in Enable Now Manager, NetWeaver, S/4HANA, My Travel Requests, Process Integration, Replication Server, BusinessObjects, Process Integration, Global Label Management, Bank Account Management, and UI5.
SAP customers are advised to apply the security notes as soon as possible.
The company makes no mention of any of these vulnerabilities being exploited in the wild.
Attackers are known to have exploited security defects in SAP products for which patches have been released.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 14 May 2024 15:43:05 +0000

