SAP Security Patchday September 2023: Protection against threats at the highest level

In the latest SAP Patchday, there are a total of 5 hot news, 2 high-priority notifications, 9 medium and 2 low-priority notifications. We take a look at the developments:

Hot News

• Google Chromium Updates for SAP Business Client: SAP is responding to a security advisory from April 2018 by delivering security updates for the Google Chromium browser control used with SAP Business Client. This is a critical step to ensure the security of business processes.
• Vulnerability in SAP BusinessObjects Business Intelligence Platform: Another important patchday vulnerability closed relates to information disclosure in SAP BusinessObjects Business Intelligence Platform. This update closes a potentially dangerous vulnerability to protect sensitive business data.
• Illegal access control in SAP NetWeaver AS Java: This update refers to a security advisory from the December 2022 patchday and fixes the invalid access control in SAP NetWeaver AS Java in connection with the user-defined search. This is another step towards SAP security.
• Code Injection Vulnerability in SAP Business Objects Business Intelligence Platform: The SAP community is also informed about a code injection vulnerability in SAP Business Objects Business Intelligence Platform, which is fixed with this update. This is critical to ensure the integrity of business data.
• Missing authorization check in SAP CommonCryptoLib: This vulnerability has been classified as Hot News because it is particularly severe in nature. The update addresses a missing authorization check in SAP CommonCryptoLib and strengthens the security of encryption processes.

High-priority messages: Significant risks

In addition to the hot news, there are 9 high-priority messages that should not be ignored. These include file type validation issues in SAP BusinessObjects Business Intelligence Platform and a memory corruption vulnerability in SAP CommonCryptoLib.

Medium priority messages: Further security improvements

Medium-priority notifications should not be overlooked either, as they help to increase the overall security of SAP systems. This includes, for example, the remediation of a URL redirection vulnerability in SAP S/4HANA.

Overall, the September 2023 SAP Security Patchday shows that SAP systems security is constantly being improved to ward off threats at the highest level. Companies should apply these updates promptly to protect their systems and ensure data integrity. The security of your business processes comes first.

We will be happy to help you with the installation of the updates. Simply contact us for this purpose.