SAP Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in SAP Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform

  • ENTERPRISE 420
  • 430
  • 2025
  • Enterprise clienttools 420

 

CVE-2024-41730

SAP BusinessObjects Business Intelligence Platform

  • ENTERPRISE 430
  • 440

 

CVE-2024-39592

SAP PDCE

  • S4CORE 102
  • S4CORE 103
  • S4COREOP 104
  • S4COREOP 105
  • S4COREOP 106
  • S4COREOP 107
  • S4COREOP 108

 

 

Resolved Vulnerabilities

 

A vulnerability that could allow an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server and download all files from the machine hosting the service, which could affect the confidentiality of the application (CVE-2024-37179)

A vulnerability that could allow an unauthorized user to obtain a logon token through a REST endpoint when Single Sign-On is enabled in Enterprise authentication (CVE-2024-41730)

A vulnerability in Yoga in PDCE, which fails to perform the required privilege checks on authenticated users. An attacker could escalate privileges to read sensitive information, which could significantly impact the confidentiality of the application (CVE-2024-39592)

 

Vulnerability Patches

 

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.
 

 

CVE-2024-37179

  • See reference [2] for update instructions

 

CVE-2024-41730

  • See reference [4] for update instructions

 

CVE-2024-39592

  • See reference [6] for update instructions

 

 

References
 

[1] CVE-2024-37179 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-37179

[2] sap/notes/3478615

https://me.sap.com/notes/3478615

[3] CVE-2024-41730 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41730

[4] sap/notes/3479478

https://me.sap.com/notes/3479478

[5] CVE-2024-39592 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39592

[6] sap/notes/3483344

https://me.sap.com/notes/3483344