The National Computer Emergency Response Team (NCERT) has issued an advisory regarding critical vulnerabilities in SAP products, highlighted in the company’s May 2024 Security Patch Day.
SAP, a leading provider of enterprise software solutions, has released updates to address these vulnerabilities across various products, including SAP NetWeaver Application Server ABAP, SAP CX Commerce, and SAP Business Client.
One of the most concerning vulnerabilities is CVE-2024-33006, which could enable attackers to achieve complete system compromise.
NCERT warns that the vulnerabilities patched in these updates pose significant risks to organizations using SAP products. If exploited, these vulnerabilities could lead to unauthorized access, data breaches, and potential system compromise. The advisory underscores the need for prompt action to mitigate these risks and protect organizational assets.
The advisory notes that CVE-2024-33006, affecting SAP NetWeaver Application Server ABAP and ABAP Platform, has a CVSS score of 9.6 and allows unauthenticated attackers to upload malicious files to the server, potentially leading to full system compromise. This vulnerability affects SAP_BASIS versions 700 to 758 and requires immediate attention.
Additionally, critical vulnerabilities CVE-2019-17495 and CVE-2022-36364 in SAP CX Commerce, and CVE-2024-28165, a cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform, also necessitate urgent updates to prevent exploitation.
Furthermore, the advisory highlights medium- and low-severity vulnerabilities across various SAP products, including SAP S/4HANA, SAP My Travel Requests, SAP Replication Server, SAP Global Label Management, SAP Bank Account Management, and SAP UI5. Despite their lower severity, these vulnerabilities still require prompt patching to maintain overall system security.
NCERT recommends several proactive measures to mitigate risks associated with SAP vulnerabilities: applying the latest SAP security patches promptly, conducting regular vulnerability assessments and security audits, adhering to the principle of least privilege to restrict system access, and implementing robust monitoring and detection mechanisms.
These steps are essential to ensure the continued security and integrity of organizational systems and to prevent significant security breaches and operational disruptions.
Stay Connected with ProPakistani
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.
