This August 2023 SAP Patchday saw the release of two hot news, eight highly rated security alerts, seven medium vulnerabilities, and one low vulnerability. Updating your systems now is critical to ensure continued security.

Hot News

One of the hot news refers to a new update of SNote 3350297 that fixes a vulnerability for OS Command Injection in SAP ECC and SAP S/4HANA. The second closed vulnerability is a collective fix for multiple vulnerabilities in the SAP PowerDesign Proxy product. There, it was possible for unauthenticated attackers to execute arbitrary queries against the backend database via a proxy.

More vulnerabilities from SAP Patchday August 2023

Other vulnerabilities that have been rated as high relate to SAP Business One, SAP Business Objects Installer, and SAP NetWeaver.

A security vulnerability with SAP’s Business One product is that a potential cyber attack could inject code into the content of a web page or application, which would then cause erroneous information and malicious actions. In addition, a highly classified message is found with the B1i module of SAP Business One – it allows an authenticated user with extensive knowledge to send manipulated queries over the network to read or even modify SQL data. If successfully exploited, the attacker would cause high impact to the confidentiality, integrity and availability of the application.

With the SAP Business Objects Installer, it was possible for an attacker to overwrite an executable file within the network that was created in a temporary directory during the installation process. This could also completely compromise the confidentiality, integrity, and availability of the system.

Furthermore, additional security holes in SAP NetWeaver have been closed so that operating system files can no longer be overwritten after the new update.

We will be happy to help you with the installation of the updates. Simply contact us for this purpose.