SAP Product Security Update Advisory (CVE-2024-42374)

Overview

An update has been released to address vulnerabilities in SAP Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-42374

SAP BEx Web Java Runtime Export Web Service

  • BI-BASE-E version 7.5
  • BI-BASE-B version 7.5
  • BI-IBC version 7.5
  • BI-BASE-S version 7.5
  • BIWEBAPP version 7.5

Resolved Vulnerabilities

Insufficient validation of XML documents accepted from untrusted sources could allow an attacker to retrieve information from the SAP ADS system and to exhaust the XMLForm service count, making SAP ADS rendering (PDF generation) unusable (CVE-2024-42374)

Vulnerability Patches

Patches for the affected products are available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-42374

  • See reference [2] for update instructions

References

[1] CVE-2024-42374 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-42374

[2] sap/patch/3485284

https://me.sap.com/notes/3485284