Skip to content

Safe Tuesday with SNOK: SAP Patch Day October 2024

Dear SAP specialists and cybersecurity experts, Welcome to our monthly review of the SAP Patch Day, where we analyse the latest SAP security updates.…

Dear SAP specialists and cybersecurity experts,

Welcome to our monthly review of the SAP Patch Day, where we analyse the latest SAP security updates. Today we focus on the October 2024 SAP Patch Day.

Key information:

SAP released 12 new and updated security patches, including:

  • 1 HotNews Note

  • 3 High Priority Notes

Update to HotNews Security Note #3479478 (CVSS 9.8):

  • Originally released in August 2024

  • Fixes a “Missing Authentication Check” vulnerability in SAP BusinessObjects Business Intelligence Platform

  • Additional fix for SBOP BI PLATFORM SERVERS 4.2 SP009

Update to High Priority Note #3483344 (CVSS 7.7):

  • Concerns a “Missing Authorization Check” vulnerability in SAP Product Design Cost Estimating (PDCE)

  • New fixes for SEM-BW 600 through SEM-BW 748 components

New High Priority Notes:

SAP Security Note #3523541 (CVSS 8.0):

  • Concerns SAP Enterprise Project Connection

  • Fixes vulnerabilities in the Spring Framework and Log4j libraries

  • Updates library versions

  • Vulnerabilities tracked as: CVE-2024-22259, CVE-2024-38809, CVE-2024-38808, CVE-2022-23302

SAP Security Note #3478615 (CVSS 7.7):

  • Affects all SAP BusinessObjects Business Intelligence Platform customers

  • Fixes an “Insecure File Operations” vulnerability

  • Issue: authenticated users can send specially crafted requests to the Web Intelligence Reporting Server to download arbitrary files from the machine hosting the service

Summary:

October 2024’s SAP Patch Day is relatively quiet, with only 12 security notes, 6 of them new. We recommend a thorough review of the updated SAP Security Notes, as most of them have been extended with fixes for additional component versions.

SNOK’s actions:

At SNOK we thoroughly analyse each of these patches and their potential impact on our clients’ systems. We are ready to help assess risk and implement the necessary updates to ensure the highest level of security for your SAP systems.

Don’t wait - contact us to secure your SAP environment today!

Tematy: Safe Tuesday sap-security SAP S/4HANA

Get in touch