Vulnerabilidades
SAP BusinessObjects Web Intelligence
SAP Employee Self Service (Fiori My Leave Request)
Vulnerabilidad
SAP Edge Integration Cell
SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear)
SAP S/4 HANA (Cash Management)
SAP NetWeaver AS Java User Management Engine
SAP Business Connector
SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)
SAP NetWeaver AS ABAP and ABAP Platform
SAP Asset Accounting
SAP Group Reporting Data Collection (Enter Package Data)
SAP Security Patch Day Abril 2024

Compartir:

Facebook Twitter Mastodon Telegram Twitter WhatsApp

SAP Security Patch Day Abril 2024 - Vulnerabilidades

VSA24-01001

En el CSIRT de Gobierno informamos frecuentemente de vulnerabilidades importantes que pueden afectar tus aplicaciones, datos o computadores. La siguiente es una vulnerabilidad importante.

En esta ocasión, compartimos información divulgada por SAP, su paquete de parches correspondiente a abril de 2024.

Vulnerabilidades

ID CVSS EPSS
CVE-2024-27899 8.8
CVE-2024-25646 7.7
CVE-2024-27901 7.2
CVE-2024-30218 6.5
CVE-2024-28167 6.5
CVE-2022-29613 6.5
CVE-2023-40306 6.1
CVE-2024-27898 5.3
CVE-2024-30214 4.8
CVE-2024-30215 4.8
CVE-2024-30216 4.3
CVE-2024-30217 4.3

Versiones Afectadas

Producto Versiones
SAP NetWeaver AS Java User Management Engine
  • SERVERCORE 7.50
  • J2EE-APPS 7.50
  • UMEADMIN 7.50
SAP BusinessObjects Web Intelligence
  • 4.2
  • 4.3
SAP Asset Accounting
  • SAP_APPL 600
  • SAP_FIN617
  • SAP_FIN 618
  • SAP_FIN700
SAP Edge Integration Cell
  • Anteriores a 8.13.5
SAP NetWeaver AS ABAP and ABAP Platform
  • KRNL64NUC 7.22
  • KRNL64NUC 7.22EXT
  • KRNL64UC 7.22
  • KRNL64UC 7.22EXT
  • KRNL64UC 7.53
  • KERNEL 7.22
  • KERNEL 7.53
  • KERNEL 7.77
  • KERNEL 7.85
  • KERNEL 7.89
  • KERNEL 7.54
  • KERNEL 7.93
SAP Group Reporting Data Collection (Enter Package Data)
  • S4CORE 104
  • S4CORE 105
  • S4CORE 106
  • S4CORE 107
  • S4CORE 108
  • SAP_GRDC_CLOUD 1.0.0
SAP Employee Self Service (Fiori My Leave Request)
  • 605
SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)
  • S4CORE 103
  • S4CORE 104
  • S4CORE 105
  • S4CORE 106
SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear)
  • 7.50
SAP Business Connector
  • 4.8
SAP S/4 HANA (Cash Management)
  • S4CORE 103
  • S4CORE 104
  • S4CORE 105
  • S4CORE 106
  • S4CORE 107
  • S4CORE 108

Mitigación

Implementar las actualizaciones descritas en el sitio de SAP: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html