Today is again the SAP patchday in July 2023.

Two hot news, a full seven serious and nine medium vulnerabilities have been published. Now it is crucial to update your systems and know where dangers could arise without the updates.

Hot News

SAP has discovered a serious security vulnerability in SAP NetWeaver ABAP (IS-OIL). A programming error in a function module or report makes it possible for an authenticated attacker to inject an arbitrary operating system command. The vulnerability affects different versions of SAP NetWeaver ABAP (IS-OIL). If the attack is successful, the attacker can access and manipulate system data and shut down the system.

Second “Hot News” message: As part of an update, security updates have also been released for the Google Chromium browser controller used with SAP Business Client. This fixes potential security vulnerabilities and improves the security of the software.

Other security messages

Furthermore, security updates for other products were released. An important update concerns SAP NetWeaver (BI CONT ADD ON) with versions 707, 737, 747 and 757, where a directory traversal vulnerability was fixed. Also, a vulnerability in SAP Web Dispatcher was fixed, affecting different versions.

Additional security updates have been released for SAP UI5 Variant Management, SAP SQL Anywhere, SAP Solution Manager (Diagnostics Agent) and other products.

A detailed list of fixed vulnerabilities and affected SAP products can be found on SAP’s official website at the following link:

SAP Patchday July 2023 – all important security vulnerabilities

SAP customers are urged to install these security updates as soon as possible to protect their systems from possible attacks. The patches and installation instructions are available on SAP’s support website.

We would be happy to help you install the updates. Just contact us for that.