SAP has unveiled its latest security patch update for July 2024, which has addressed 18 vulnerabilities across its products. This update comes with remedies for two critical flaws that have the potential to grant unauthorized entry to crucial data and systems.
One of the most severe vulnerabilities, known as CVE-2024-39592, impacts SAP’s Product Design Cost Estimating (PDCE) tool. With a CVSS score of 7.7, this absence of authorization verification might let attackers view generic table data, thus exposing sensitive details.
Another urgent fix deals with CVE-2024-39597 in SAP Commerce, scoring 7.2 on the CVSS scale.
This inadequate authorization verification could empower attackers to manipulate the forgotten password function and reach improperly configured websites without merchant authorization.
The update also encompasses corrections for 15 moderate vulnerabilities affecting different SAP products like Landscape Management, Document Builder, NetWeaver, CRM, Business Warehouse, S/4HANA, Business Workflow, GUI for Windows, Transportation Management, and Enable Now.
These vulnerabilities touch upon several issues like data exposure, unregulated file uploads, absence of authorization verification, cross-site scripting (XSS), and server-side request forgery (SSRF).
Although there haven’t been any reports of active exploitation of these vulnerabilities by SAP, it is highly advised that users implement these patches at the soonest.
Historical incidents have demonstrated that cybercriminals tend to focus on known SAP vulnerabilities even post-patch release. The significance of prompt security updates for corporate software is highlighted by the July 2024 patch update.
Enterprises using SAP products should give precedence to the application of these patches to reduce potential threats to their systems and data.
The article SAP Security Update: Fix For Critical Vulnerabilities was first published on Cyber Security News.