SAP has released their updates for patch day of this month, in which several vulnerabilities have been fixed and CVEs have been updated. The severity of the patched bugs varies from 4.5 (medium) to 10.0 (critical).
The most critical severity vulnerability was disclosed to be related to Chromium browser control delivered with SAP Business client which was given the highest priority.
Critical Severity Vulnerabilities
Excluding the Chromium browser control vulnerabilities, other critical severity vulnerabilities include,
SAP ECC and SAP S/4HANA (IS-OIL) (IS-OIL-DS-HPM):
This is an OS command injection vulnerability that exists in an unprotected parameter in a common extension. The CVE for this vulnerability is given as CVE-2023-36922 and the CVSS score is 9.1 (Critical).
High Severity Vulnerabilities
SAP NetWeaver (BI CONT ADD ON) (BW-BCT-GEN):
This is a Directory Traversal Vulnerability that can allow a threat actor to read potential OS files which can be overwritten for compromising the system. This vulnerability was given the CVE as CVE-2023-33989 and a CVSS score of 8.7 (High).
SAP Web Dispatcher (BC-CST-WDP):
This is a Request Smuggling and request concatenation vulnerability that can allow a threat actor to read, modify or make the server temporarily unavailable. The CVE for this vulnerability is given as CVE-2023-33987 and the CVSS score is 8.6 (High)
SAP SQL Anywhere (BC-SYB-SQA-SRV):
This is a Denial of Service (DoS) vulnerability that exists in the Shared memory objects allowing a low-privileged attacker with local system access to local system make the system go unavailable for legitimate users by crashing the service.
The CVE for this vulnerability was given as CVE-2023-33990 and the CVSS score is 7.8 (High).
SAP Web Dispatcher (BC-CST-WDP):
This is a Memory Corruption vulnerability that allows a threat actor to make memory corruption through logical errors in memory management which can also result in information disclosure or system crash. The CVE for this vulnerability is given as CVE-2023-35871 and the CVSS Score is 7.7 (High).
SAP Solution Manager (Diagnostics agent) (SV-SMG-DIA-SRV-AGT):
This is an unauthenticated SSRF and a header injection vulnerability. SSRF vulnerability allows an unauthenticated threat actor to make malicious HTTP requests leading to impact on the availability and confidentiality.
On the other hand, the header injection vulnerability allows an attacker to serve poisoned content to the server by tampering the headers on a client request.
The CVEs for these two vulnerabilities are given as CVE-2023-36925 and CVE-2023-36921. The CVSS scores are 7.2 for both of them.
There has been improper authentication for some conditions that require user identity which allows malicious actors to target the network and extend the impact scope
SAP Enable Now (KM-SEN-MGR)
–
Multiple Vulnerabilities were addressed in this product
SAP S/4HANA (Manage Journal Entry Template) (FI-FIO-GL-TRA)
Journal entry template creation can be intercepted and changed leading to impact on confidentiality and integrity. In addition to this, it can also lead to standard template deletion.
SAP BusinessObjects Business Intelligence Platform (BI-BIP-SRV)
