In November 2023, SAP released six new and updated security notes, including two HotNews notes and four rated medium priority. Here are the key points worth noting:
- Critical update for CommonCryptoLib: SAP Security Note #3340576, rated 9.8 on the CVSS scale, addresses a critical missing authorisation check in SAP CommonCryptoLib. This vulnerability could lead to a complete compromise of the affected application. The update to this note contains minor textual changes that are important for SAP HANA Database 2.0 customers.
- New threats for SAP Business One: A new HotNews note, SAP Security Note #3355658 with a CVSS score of 9.6, addresses improper access control during the installation of SAP Business One.
🔍 Summary and actions: Although November’s SAP Security Patch Day was relatively quiet, the updates - particularly those relating to SAP CommonCryptoLib and Business One - require a prompt response and remediation.
💬 Worth discussing: What has been your experience deploying these security updates? Are your SAP systems already protected against these newly discovered vulnerabilities?