SAP Security Patch Day Abril 2024 - Vulnerabilidades
VSA24-01001Desde la Agencia Nacional de Ciberseguridad (ANCI) informamos frecuentemente de vulnerabilidades importantes que pueden afectar sus aplicaciones, datos o equipos.
En esta ocasión, compartimos información divulgada por SAP, su paquete de parches correspondiente a abril de 2024.
Vulnerabilidades
ID | CVSS | EPSS |
---|---|---|
CVE-2024-27899 | 8.8 | 0.0430% |
CVE-2024-25646 | 7.7 | 0.0430% |
CVE-2024-27901 | 7.2 | 0.0430% |
CVE-2024-30218 | 6.5 | 0.0430% |
CVE-2024-28167 | 6.5 | 0.0430% |
CVE-2022-29613 | 6.5 | 0.0540% |
CVE-2023-40306 | 6.1 | 0.0630% |
CVE-2024-27898 | 5.3 | 0.0430% |
CVE-2024-30214 | 4.8 | 0.0430% |
CVE-2024-30215 | 4.8 | 0.0430% |
CVE-2024-30216 | 4.3 | 0.0430% |
CVE-2024-30217 | 4.3 | 0.0430% |
Versiones Afectadas
Producto | Versiones |
---|---|
SAP NetWeaver AS Java User Management Engine |
|
SAP BusinessObjects Web Intelligence |
|
SAP Asset Accounting |
|
SAP Edge Integration Cell |
|
SAP NetWeaver AS ABAP and ABAP Platform |
|
SAP Group Reporting Data Collection (Enter Package Data) |
|
SAP Employee Self Service (Fiori My Leave Request) |
|
SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) |
|
SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear) |
|
SAP Business Connector |
|
SAP S/4 HANA (Cash Management) |
|
Mitigación
Implementar las actualizaciones descritas en el sitio de SAP: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html