Only one hot news and eight medium severity vulnerabilities were published during the October 2023 SAP Patchday. It is critical to update your systems now to ensure continued security.

Hot News SAP Patchday October 2023

As part of a security update released on Patchday in April 2018, important updates were provided for the Google Chromium browser component that is used together with SAP Business Client. This update specifically affects the SAP Business Client product and is relevant for versions 6.5, 7.0, and 7.70. The implementation of these security updates ensures the stability and security of SAP Business Client to minimize potential security risks related to the browser component.

Medium vulnerabilities

Eight medium security vulnerabilities were closed during the SAP Patchday in October 2023. Read about some of the closed gaps here – for all information, feel free to check out the official SAP Patchday Blog.

Server-side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat Application): A vulnerability with the identifier CVE-2023-42477 has been discovered in SAP NetWeaver AS Java version 7.50. This vulnerability relates to a server-side request forgery that could allow an attacker to send unauthorized requests to the server and potentially access sensitive data.

Missing Authorization Check in S/4HANA (Withholding Tax Item Management): The vulnerability with CVE number CVE-2023-42473 affects SAP S/4HANA version 106 and relates to a missing authorization check in the management of withholding tax items. This could allow an unauthorized user to access or manipulate sensitive tax information.

Information Disclosure Vulnerability in SAP Business One (B1i) and Regulatory Reporting in SAP S/4HANA Core: An information disclosure vulnerability with the number CVE-2023-41365 has been identified in SAP Business One (B1i) version 10. This vulnerability could allow an attacker to disclose confidential information. Additionally, an information disclosure vulnerability has been identified in regulatory reporting in various versions of SAP S/4HANA Core (S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, SAPSCORE 128), indicating that confidential information could be at risk.

We will be happy to help you with the installation of the updates. Simply contact us for this purpose.