SAP Patch Day, July: 30 Security Notes, Including a Critical Fix for the SAP SRM Live Auction Cockpit

SAP's July Patch Day brought 30 new and updated security notes, an unusually large release for SAP customers. Six of them are HotNews notes and five are rated High Priority.

Among the HotNews notes is a remote code execution vulnerability in SAP S/4HANA and SAP SCM (Note #3618955, CVSS 9.9) that lets an attacker execute arbitrary code on the target system.

Another critical vulnerability affects the Live Auction Cockpit of SAP Supplier Relationship Management (SRM). The note was originally published with a CVSS score of 3.9; after analysis by Onapsis security researchers the score was raised to 10.0, because the flaw allows an unauthenticated attacker to execute arbitrary operating system commands on the target system as the SAP administrator.

Onapsis Research Labs also discovered four more critical insecure deserialization vulnerabilities in SAP NetWeaver AS Java and the Enterprise Portal. All four are HotNews notes rated CVSS 9.1.

SAP Security Note #3617131 addresses two vulnerabilities in SAP NetWeaver AS ABAP, both rated CVSS 6.1: a Reflected Cross-Site Scripting vulnerability and an Open Redirect vulnerability. A further Open Redirect vulnerability in the SAP BusinessObjects Content Administrator Workbench is fixed by security note #3617380 (CVSS 6.1).

In addition, Onapsis Research Labs supported SAP in closing nine medium-priority vulnerabilities covered by eight security notes: three Cross-Site Scripting vulnerabilities, two Open Redirect vulnerabilities, and four Missing Authorization Check vulnerabilities.
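The Open Redirect class that appears in both of the preceding paragraphs usually comes down to one thing: a return-URL or redirect parameter that is checked too loosely before being handed to the browser. The following is an added example, not code from SAP or from any of the notes above. It puts a typical weak check beside a hardened one; the base URL, allow-listed host and probe strings are constructed for the demo.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Set;

// Added example (not SAP code): a naive "is it a local path?" check beside a
// hardened one for a post-login return-URL parameter, which is where open
// redirect bugs typically live.
public final class RedirectGuard {

    // Hosts this application may send the browser to (constructed for the demo).
    private static final Set<String> ALLOWED_HOSTS = Set.of("portal.example.corp");
    private static final String BASE = "https://portal.example.corp/";
    private static final String FALLBACK = BASE + "home";

    // VULNERABLE: accepts anything that begins with "/". "//evil.example" and
    // "/\evil.example" both pass, and browsers treat both as absolute URLs.
    public static String naiveTarget(String returnUrl) {
        return returnUrl != null && returnUrl.startsWith("/") ? returnUrl : FALLBACK;
    }

    // HARDENED: resolve the parameter against the site's own base URL, then require
    // the resulting absolute URL to use https and an allow-listed host with no
    // userinfo; anything else, including unparsable input, falls back to a fixed page.
    public static String safeTarget(String returnUrl) {
        if (returnUrl == null || returnUrl.isEmpty() || returnUrl.indexOf('\\') >= 0
                || returnUrl.chars().anyMatch(Character::isISOControl)) {
            return FALLBACK;
        }
        try {
            URI resolved = URI.create(BASE).resolve(new URI(returnUrl)).normalize();
            String host = resolved.getHost();
            if (host == null
                    || !"https".equalsIgnoreCase(resolved.getScheme())
                    || !ALLOWED_HOSTS.contains(host.toLowerCase())
                    || resolved.getRawUserInfo() != null) {
                return FALLBACK;
            }
            return resolved.toString();
        } catch (URISyntaxException | IllegalArgumentException e) {
            return FALLBACK;
        }
    }

    public static void main(String[] args) {
        // Constructed probe inputs covering the common bypasses of a prefix check.
        List<String> probes = List.of(
                "/app/orders/123",                            // legitimate relative path
                "//evil.example/phish",                       // scheme-relative URL
                "/\\evil.example/phish",                      // backslash, normalised by browsers to //
                "https://evil.example/",                      // absolute external URL
                "https://portal.example.corp@evil.example/",  // userinfo trick
                "javascript:alert(1)");                       // not a navigable http(s) target
        for (String p : probes) {
            System.out.printf("%-45s naive -> %-32s safe -> %s%n",
                    p, naiveTarget(p), safeTarget(p));
        }
    }
}
```

Resolving against the application's own base URL first, and only then inspecting scheme and host of the absolute result, is what closes the scheme-relative and userinfo cases; a string prefix check cannot reason about how the browser will interpret the value.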

The Cross-Site Scripting vulnerability in SAP Business Warehouse (Note #3604212, CVSS 6.1) can only be exploited if the SICF service 'BExLoading' is active and reachable from the client network. Onapsis Research Labs (ORL) also discovered an insecure deserialization vulnerability in the Log Viewer of SAP NetWeaver AS Java (Note #3610892, CVSS 6.1).

Onapsis Research Labs also supported SAP in patching two insecure deserialization vulnerabilities in SAP NetWeaver Enterprise Portal.
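Insecure deserialization recurs throughout this month's notes: the four HotNews findings in AS Java and the Enterprise Portal, the Log Viewer issue, and the two Enterprise Portal fixes above. The following is an added example, not code from SAP or from the affected components, showing the pattern behind the class in plain Java: a server that calls readObject() on client-supplied bytes runs any class in the stream before it gets a chance to check the type, and a JEP 290 ObjectInputFilter allow list is one way to stop that. The AuctionBid and Gadget classes are constructed for the demo; the Gadget only sets a flag where a real gadget chain would execute attacker-controlled logic.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added example (not SAP code): the pattern behind "insecure deserialization" in a
// Java server component, and one way to harden it with a JEP 290 filter (Java 9+).
public class DeserializationDemo {

    // A harmless type the application legitimately expects on the wire (constructed).
    public static final class AuctionBid implements Serializable {
        private static final long serialVersionUID = 1L;
        final String bidder;
        final long amountCents;
        AuctionBid(String bidder, long amountCents) {
            this.bidder = bidder;
            this.amountCents = amountCents;
        }
    }

    // Stand-in for a dangerous class an attacker places in the stream. In a real attack
    // this is a "gadget" already on the server classpath whose readObject() (or a later
    // call) does attacker-influenced work; here the only side effect is a flag.
    public static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        static volatile boolean triggered = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            triggered = true;   // code ran during deserialization, before any type check
        }
    }

    // VULNERABLE: deserializes whatever the client sent and only casts afterwards.
    public static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // HARDENED: the filter rejects every class not on the allow list before its bytes
    // are turned into an object, and bounds graph depth and array sizes.
    public static AuctionBid readAllowListed(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(info -> {
                if (info.depth() > 4 || info.arrayLength() > 1024) {
                    return ObjectInputFilter.Status.REJECTED;
                }
                Class<?> c = info.serialClass();
                if (c == null) {
                    return ObjectInputFilter.Status.UNDECIDED; // stream metadata, not a class
                }
                return (c == AuctionBid.class || c == String.class)
                        ? ObjectInputFilter.Status.ALLOWED
                        : ObjectInputFilter.Status.REJECTED;
            });
            return (AuctionBid) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new AuctionBid("vendor-42", 125_000));
        byte[] hostile = serialize(new Gadget());   // constructed "attacker" payload

        System.out.println("vulnerable, legit bid : " + ((AuctionBid) readUntrusted(legit)).bidder);
        readUntrusted(hostile);
        System.out.println("vulnerable, hostile   : gadget ran = " + Gadget.triggered);

        Gadget.triggered = false;
        System.out.println("hardened, legit bid   : " + readAllowListed(legit).bidder);
        try {
            readAllowListed(hostile);
        } catch (InvalidClassException e) {
            System.out.println("hardened, hostile     : rejected (" + e.getMessage()
                    + "), gadget ran = " + Gadget.triggered);
        }
    }
}
```

The point of the filter is ordering: it is consulted on the class descriptor, so a rejected class never reaches readObject(). A cast after readObject(), as in the vulnerable variant, is too late, which is why fixes for this class are usually allow lists or filters at the stream level rather than extra type checks in the caller.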

To stay updated on the latest SAP security issues and Onapsis' ongoing work with the security community, subscribe to the monthly Defenders Digest Onapsis Newsletter on LinkedIn. For more details about the four Missing Authorization Check vulnerabilities, which affect four remote-enabled (RFC) function modules, visit the Onapsis Blog.

Lastly, SAP Security Note #3565279 addresses a vulnerability in the SAP BusinessObjects Business Intelligence Platform (CMC) that leads to insecure file operations. The root cause is an outdated bundled version of Apache Struts affected by CVE-2024-53677, a file upload path traversal flaw; the fix is to apply the note rather than to patch Struts independently.

Onapsis Research Labs continually updates the Onapsis Platform with the newly published vulnerabilities so that customers can assess and protect their systems promptly.
