Security Advisory

SAP Family April 2024 Routine Security Update Advisory

  • Apr 11 2024

Overview

 

SAP has released a security update to address a vulnerability. users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-27899

  • SAP NetWeaver AS Java User Management Engine SERVERCORE version 7.50
  • SAP NetWeaver AS Java User Management Engine J2EE-APPS 7.50 Version
  • SAP NetWeaver AS Java User Management Engine UMEADMIN 7.50 VersionPre

 

CVE-2024-27901

  • SAP Asset Accounting SAP_APPL 600 version
  • SAP Asset Accounting SAP_APPL 602 Version
  • SAP Asset Accounting SAP_APPL 603 Version
  • SAP Asset Accounting SAP_APPL 604 Version
  • SAP Asset Accounting SAP_APPL Version 605
  • SAP Asset Accounting SAP_APPL Version 606
  • SAP Asset Accounting SAP_FIN 617 Version
  • SAP Asset Accounting SAP_FIN 618 Version
  • SAP Asset Accounting SAP_FIN 700 Version

 

CVE-2024-25646

  • SAP BusinessObjects Web Intelligence 420 version
  • SAP BusinessObjects Web Intelligence version 430
  • SAP BusinessObjects Web Intelligence version 440

 

Resolved Vulnerabilities

 

Incorrect security configuration vulnerability in the User Management Engine in SAP NetWeaver AS Java (CVE-2024-27899)

Directory traversal vulnerability in SAP Asset Accounting (CVE-2024-27901)

Information Disclosure Vulnerability in SAP BusinessObjects Web Intelligence (CVE-2024-25646)

 

Vulnerability Patches

 

vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites[1] to update to the latest Vulnerability Patches version.

 

Referenced Sites

 

[1] SAP Security Patch Day – April 2024

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html

Tags:

Previous Post

Next Post