SAP fixes two critical vulnerabilities (CVE-2024-39592, CVE-2024-39597) and 15 medium-level vulnerabilities across various products. Apply patches promptly to mitigate risks.
SAP has released its July 2024 security updates, addressing 18 vulnerabilities across its product suite. These include two critical vulnerabilities and 15 medium-level issues that could expose organizations to significant risks if unpatched.
Key Critical Vulnerabilities
CVE-2024-39592 (CVSS 7.7):
Affects SAP Product Design Cost Estimating (PDCE).
Caused by missing authentication checks, potentially allowing attackers to access general database tables and sensitive information.
CVE-2024-39597 (CVSS 7.2):
Affects SAP Commerce.
Caused by improper authentication, enabling attackers to exploit the "forgot password" functionality to access unauthorized websites on behalf of store administrators.
Other Vulnerabilities
The update also addresses 15 medium-level vulnerabilities in products such as SAP Landscape Management, Document Builder, NetWeaver, CRM, Business Warehouse, S/4HANA, Business Workflow, and more. These include issues like:
Data exposure
Unrestricted file uploads
Cross-site scripting (XSS)
Server-side request forgery (SSRF)
Recommendations
SAP strongly recommends applying these patches immediately. Although no real-world exploitation of these vulnerabilities has been reported, attackers often target known vulnerabilities after patches are released. Organizations should prioritize installing these updates to protect their systems and data.
For more details, refer to SAP's security updates. Ensure that all updates are applied in accordance with your organization's Change Management Policy.
Greenwill Solution offers expert Patch Management services to help organizations secure their systems. Contact us today to schedule a consultation and ensure your SAP products are protected.นที
Comments