SAP’s First Patches of 2024 Address Critical Vulnerabilities


This week, as part of its inaugural Security Patch Day of 2024, enterprise software manufacturer SAP announced the release of ten new and two updated security notes.

SAP explains in its advisory (PDF) that two of the new security notes and one of the updated security notes are rated “hot news”, the highest rating SAP assigns, and deal with critical-severity escalation of privilege vulnerabilities in multiple products. The first hot news security note fixes CVE-2023-49583, a security flaw in Business Application Studio, Web IDE Full-Stack, and Web IDE for SAP HANA.

SAP also fixed four high-severity vulnerabilities on its first Security Patch Day of 2024. The first is a bug in the Application Interface Framework (File Adapter) that allows an attacker to execute operating system commands through code injection.
