SAP Patches Critical Vulnerability in Business Technology Platform

German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day.
Four of the December 2023 security notes have a severity rating of 'hot news', the highest in the company's notebook, but three of them are updates to previously released notes.
The new hot news security note deals with multiple vulnerabilities in SAP Business Technology Platform, the most severe of which is a critical-severity elevation of privilege flaw.
Tracked as CVE-2023-49583, the issue was identified in the BTP Security Services Integration Libraries, which simplify the integration of BTP security services and other identity services.
To draw attention to the vulnerability, SAP has published a separate blog post, urging all customers to review the security note, ensure that their systems meet required prerequisites for the update, and apply the provided solution to address the bug.
The first of the three updated hot news notes brings patches for the Chromium-based browser in SAP Business Client.
The update plugs 44 security holes, including three critical bugs and 17 high-severity issues.
SAP released four high-priority security notes as part of its December 2023 patches, the first of which addresses an improper access control bug in Commerce Cloud, which could allow blocked users to use the forgotten password feature to regain access to the application.
Also resolved were a high-severity cross-site scripting flaw in BusinessObjects, which could allow an attacker to upload malicious documents to the system, and an information disclosure issue in SAP GUI for Windows and SAP GUI for Java, which could lead to the exposure of confidential information.
SAP patched a high-severity missing authorization check bug in EMARSYS SDK Android, which could allow an attacker with control over a victim's Android device to forward themselves URLs without validation from the host application.
SAP also released seven medium-priority and two low-priority security notes.
The software maker makes no mention of any of these vulnerabilities being exploited in malicious attacks, but threat actors are known to target SAP application vulnerabilities.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Dec 2023 19:13:04 +0000

