SAP Patchday June 2023 – SAP today again published the closed vulnerabilities of the current patchday.

During the June patchday, vulnerabilities of different severity levels were closed, including four critical, eight medium and one low severity vulnerability:

High vulnerabilities

One of the serious vulnerabilities that was closed is the Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse: this vulnerability affects versions 7.30, 7.31, 7.40 and 7.50 of the product. Fixing this vulnerability minimizes the risk of an XSS attack on SAP Knowledge Warehouse.

Another critical vulnerability from the same area is the Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management: by closing this vulnerability, it means that SAP has fixed the vulnerability that allowed an attacker to inject stored malicious code in SAP UI5 Variant Management. This reduces the risk of SAP UI5 application users falling victim to such an attack and protects their data and systems from potentially malicious code.

Medium vulnerability

SAP has also closed another medium vulnerability that was located in SAP S/4HANA! This vulnerability affects SAP S/4HANA versions 104, 105 and 106 and affects Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer. Closing this vulnerability will reduce the risk of unintentional disclosure of information. So if you have any of the versions, you should update as soon as possible.

These are just a few of the fixed vulnerabilities from the June 2023 SAP Patchday, and it is important that organizations keep their systems up to date and apply the patches provided to ensure the security of their SAP environments. For more information on the fixed vulnerabilities, please refer to SAP’s official patch notes.

SAP remains committed to continuously improving the security of its products and minimizing attack opportunities for cybercriminals. Continue to read information about the closed vulnerabilities in the coming months.