Critical Updates Released on August 2024 SAP Security Patch Day

SAP Security Patch Day successful August 2024 has brought to airy respective captious updates and vulnerabilities, underscoring the value of regular information attraction successful safeguarding endeavor software.

In the August 2024 release, SAP issued a full of 25 caller and updated information notes. Among these, 2 were classified arsenic HotNews Notes, indicating terrible vulnerabilities requiring contiguous attention, and 4 were tagged arsenic High Priority Notes. These updates are captious for addressing weaknesses that could different compromise the confidentiality, integrity, and availability of SAP systems.

One of the astir notable vulnerabilities addressed successful this spot is related to Node.js, which affects applications built with SAP Build Apps. Due to the vulnerability to CVE-2024-29415, SAP has recommended that each affected applications beryllium rebuilt utilizing SAP Build Apps mentation 4.11.130 oregon later. Failure to use this update could permission applications susceptible to superior information breaches.

August 2024 Security Notes successful Detail

The August SAP Security Patch Day highlighted respective important vulnerabilities, including:

• SAP Security Note #3423268: This note, with a CVSS people of 7.8, addresses a vulnerability successful SAP S/4HANA’s Manage Supply Protection feature, which uses the SheetJS library. The susceptible versions of this room could exposure the exertion to risks affecting its confidentiality, integrity, and availability. The update includes a spot to the latest mentation of SheetJS, which mitigates these risks.
• SAP Security Note #3460407: This High Priority note, with a CVSS people of 7.5, focuses connected an accusation disclosure vulnerability successful SAP NetWeaver AS Java’s Meta Model Repository. Initially released successful June 2024, this enactment was updated to screen further enactment bundle levels. The spot provided addresses the vulnerability by updating the MMR_SERVER component.
• SAP Security Note #3479478: This HotNews Note, rated with a CVSS people of 9.8, is peculiarly critical. It addresses a Denial of Service (DoS) vulnerability successful SAP BusinessObjects Business Intelligence Platform. The flaw could let unauthorized users to exploit a REST endpoint, afloat compromising the system’s confidentiality, integrity, and availability.
• SAP Security Note #3477196: Another high-risk vulnerability was recovered successful applications built with SAP Build Apps utilizing a susceptible Node.js library. With a CVSS people of 9.1, this enactment emphasizes the request for rebuilding applications to guarantee security. The interaction of not addressing this vulnerability could beryllium severe, affecting some confidentiality and integrity.

Focus connected SAP Security Patch Day

SAP Security Patch Day is an indispensable portion of SAP’s ongoing committedness to maintaining the information of its bundle solutions. By regularly issuing information notes, SAP provides organizations with the indispensable tools to support their systems from imaginable threats. The August 2024 updates service arsenic a reminder of the captious relation that timely patching plays successful the wide information strategy of immoderate enactment utilizing SAP software.

Onapsis Research Labs played a pivotal relation successful the August 2024 SAP Security Patch Day by assisting successful the recognition and remediation of respective vulnerabilities. Their contributions include:

• SAP Security Note #3485284: This High Priority note, with a CVSS people of 8.2, addresses a vulnerability successful SAP BEx Web Java Runtime Export Web Service. The vulnerability could let an attacker to exhaust XMLForm services, rendering the SAP ADS strategy unavailable.
• SAP Security Note #3459935: This note, rated with a CVSS people of 7.4, patches susceptible OCC API endpoints successful SAP Commerce Cloud. The vulnerability allowed Personally Identifiable Information (PII) to beryllium exposed successful petition URLs, creating a hazard of information leakage.
• Other Contributions: Onapsis Research Labs besides contributed to the patching of respective different vulnerabilities, including issues successful SAP Shared Service Framework, SAP CRM ABAP, SAP NetWeaver Application Server ABAP, and SAP Student Lifecycle Management.

The August 2024 SAP Security Patch Day has further reinforced the value of keeping SAP systems up to day with the latest information patches. With 25 caller and updated information notes, including captious updates for widely-used SAP solutions, organizations indispensable prioritize these patches to support the information and integrity of their systems. Regular information successful SAP Security Patch Day besides ensures that vulnerabilities are addressed promptly, reducing the hazard of exploitation by malicious actors.