A total of six security vulnerabilities were closed during the SAP Patchday in November 2023. Two of the vulnerabilities were classified as hot news and the remaining four as medium vulnerabilities. Companies around the world should urgently update their systems to protect themselves from potential threats.

Hot News:

Missing authorization check in SAP CommonCryptoLib

The critical security vulnerability in SAP CommonCryptoLib, fixed due to the November update, requires an immediate response from companies using this SAP component. Closing this gap is crucial to prevent unauthorized access.

Access control vulnerabilities in the installation of the SAP Business One product – SAP Business One, Version 10

Companies that rely on SAP Business One version 10 should know that these vulnerabilities in the access control during installation have now been closed. An update is essential to ensure the security of the installation.

Medium Security vulnerabilities:

Update to the October 2023 Patch Day security advisory: – Server-side request forgery in SAP NetWeaver AS Java

The server-side request forgery in SAP NetWeaver AS Java was successfully addressed by the November update. Companies that use this SAP component should update their systems to the latest version in order to protect themselves against potential attacks.

Update to the August 2017 Patch Day security advisory: Cross-site request forgery (CSRF) vulnerability in multiple SAP Sybase products

The long-standing CSRF vulnerability in SAP Sybase products has finally been closed. The November update means that companies are now better protected against CSRF-based attacks.

Vulnerability for information disclosure in SAP NetWeaver Application Server ABAP and ABAP Platform

A potential information disclosure in NetWeaver Application Server ABAP and ABAP Platform has been removed by the November update. This is crucial to protect sensitive information.

Information disclosure in NetWeaver AS Java Logon

The information disclosure in the NetWeaver AS Java Logon has been successfully fixed. Companies using this SAP component can now be sure that their logon information is protected.

This SAP Patchday in November 2023 marks a significant step forward in cybersecurity. Companies should ensure that they update their systems immediately to benefit from the latest security enhancements and protect their IT infrastructure from potential threats. Don’t miss the chance to keep your SAP systems up to date and ensure the security of your digital assets!

We will be happy to help you install the updates. Simply contact us.