Details to Be Disclosed:

Information to be disclosed:

In the opening month of the SAP Security year, a total of 12 new and updated SAP Security Notes were released, addressing a range of potential security issues. Three of these Notes were HotNews Notes and four were High Priority Notes, underscoring the importance of staying updated with the latest SAP Security Notes.

Among these, SAP Security Note #3392626 addresses an Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager (BC-CST-IC), while SAP HotNews Security Note #3411067 patches a Privilege Escalation vulnerability in SAP Business Technology Platform (BTP) Security Services Integration Libraries and Programming Infrastructure. The SAP LT Replication Server also received an update to address an Improper Authorization Check vulnerability (CVE-2024-21735), which is addressed by SAP Security Note #3407617. Onapsis Research Labs supported SAP in patching an Information Disclosure vulnerability in SAP Internet Communication Manager (ICM) and SAP Web Dispatcher, tracked under CVE-2023-31405.

SAP Security Note #3411869 patches a Code Injection vulnerability in SAP Application Interface Framework (File Adapter) (BC-SRV-AIF), and SAP Security Note #3386378 addresses an Information Disclosure vulnerability in the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) (BC-FES-CTL). A URL Redirection vulnerability in SAP Marketing (Contacts App) (CEC-MKT-DM-CON) is addressed by SAP Security Note #3190894.

It is important to note that the SAP workbench objects do not include any automatic correction at the time of writing this blog post. Customers must assign a job user to the LTR jobs who has the role SAP_IUUC_REPL_ADMIN and all rule-specific authorizations assigned. An update to SAP Security Note #3407617 is expected in the near future, as the solution seems incomplete.
