Hey SAP Community!
I've just released a new video covering the latest SAP security patches from June 2024. In this quick overview, we dive into 13 critical vulnerabilities that SAP has addressed.
Key highlights:
- Cross-site scripting in Financial Consolidation
- Denial-of-service vulnerabilities in AS Java and ABAP platforms
- Unrestricted file upload issues
- Missing authorization checks in various modules
The video provides a taste of the in-depth analysis, including code-level explanations and practical demonstrations using SAP transactions like SNOTE.
***REMOVED BY MODERATION***
SAP Note | Title |
---|---|
3457592 | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation |
3460407 | Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) |
3453170 | Denial of service (DOS) in SAP NetWeaver and ABAP platform |
3459379 | Unrestricted file upload in SAP Document Builder (HTTP service) |
3466175 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) |
3465129 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
3450286 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
3465455 | Missing Authorization check in SAP BW/4HANA Transformation and DTP |
3457265 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) |
3425571 | Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) |
2638217 | Switchable Authorization Checks in Central Finance Infrastructure Components |
3441817 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) |
3392049 | Missing Authorization check in SAP Bank Account Management |
#SAPSecurity #Vulnerabilities #ContinuousLearning