On January 9, 2024, SAP announced 10 new security advisories and 2 updates to previously published security advisories as part of its monthly SAP Patchday. The first month of 2024 brings three Hot News, four high, four medium and one low priority security updates.

The most important SAP Patchday updates in January 2024

Hot News

Escalation of privileges in SAP applications: This critical vulnerability affects SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA. The affected libraries sap/xssec and sap/approuter have been updated to prevent privilege escalation. This vulnerability has been rated with the highest priority level “Hot News” and a CVSS score of 9.1.

Escalation of privileges in SAP Edge Integration Cell: Another “Hot News” vulnerability with a CVSS score of 9.1 affects the SAP Edge Integration Cell.

Further security gaps of the SAP Patchday in January 2024

Code Injection in SAP Application Interface Framework (File Adapter): A highly rated vulnerability (CVSS 8.4) allows code injection in the SAP Application Interface Framework, specifically in the File Adapter.

Denial of Service (DoS) in SAP components: This vulnerability, with a high priority and a CVSS score of 7.5, affects SAP Web Dispatcher, SAP NetWeaver Application Server ABAP and ABAP Platform.

Information disclosure in Microsoft Edge browser extension: Another highly rated vulnerability (CVSS 7.4) affects the SAP GUI Connector extension for Microsoft Edge, which can lead to information disclosure.

In addition to these five significant security notes, a further five medium and low priority notes have been published covering a range of vulnerabilities in various SAP products, including SAP S/4HANA Finance and SAP NetWeaver.

These extensive updates show how important it is for companies to regularly update their SAP systems to protect themselves from potential security risks. SAP users should implement these patches immediately to ensure the security of their systems and minimize the potential impact on their business processes.

We will be happy to help you install the updates. Simply contact us.

SAP Patchday - Tönjes Consulting GmbH

Use SecurityBridge SAP Patch Management to never miss an important update for your SAP system again!

Contact us to learn more about SecurityBridge!
