SAP Patches Critical Vulnerability in Business Technology Platform

German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day.
Four of the December 2023 security notes have a severity rating of 'hot news', the highest in the company's notebook, but three of them are updates to previously released notes.
The new hot news security note deals with multiple vulnerabilities in SAP Business Technology Platform, the most severe of which is a critical-severity elevation of privilege flaw.
Tracked as CVE-2023-49583, the issue was identified in the BTP Security Services Integration Libraries, which simplify the integration of BTP security services and other identity services.
To draw attention to the vulnerability, SAP has published a separate blog post, urging all customers to review the security note, ensure that their systems meet required prerequisites for the update, and apply the provided solution to address the bug.
The first of the three updated hot news notes brings patches for the Chromium-based browser in SAP Business Client.
The update plugs 44 security holes, including three critical bugs and 17 high-severity issues.
SAP released four high-priority security notes as part of its December 2023 patches, the first of which addresses an improper access control bug in Commerce Cloud, which could allow blocked users to use the forgotten password feature to regain access to the application.
Also resolved were a high-severity cross-site scripting flaw in BusinessObjects that could allow an attacker to upload malicious documents to the system, and an information disclosure issue in SAP GUI for Windows and SAP GUI for Java leading to the exposure of confidential information.
SAP patched a high-severity missing authorization check bug in EMARSYS SDK Android, which could allow an attacker with control over a victim's Android device to forward themselves URLs without validation from the host application.
SAP also released seven medium-priority and two low-priority security notes.
The software maker makes no mention of any of these vulnerabilities being exploited in malicious attacks, but threat actors are known to target SAP application vulnerabilities.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Dec 2023 19:13:04 +0000

