SAP Releases February 2023 Security Updates
Scheduled security updates address vulnerabilities affecting multiple products
Summary
Scheduled security updates address vulnerabilities affecting multiple products
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
- SAP Host Agent Service
- SAP Business Planning and Consolidation
- SAP BusinessObjects Business Intelligence platform
- SAP NetWeaver AS
- SAP Customer Relationship Management (CRM)
Threat details
Introduction
SAP has released security updates to address multiple vulnerabilities, which are covered in seventeen new security notes and four updates to previous notes. Three of these vulnerabilities are rated High and involve issues such as privilege escalation, cross site scripting (XSS), and improper access control. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation advice
Affected organisations are encouraged to review the SAP Security Notes for February 2023 and apply the necessary updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 15 February 2023 3:33 pm