SAP Security Patch Day – August 2024: CVE-2024-41730 (CVSS 9.8) Vulnerability Exposes Systems to Full Control Exploit
SAP has released its monthly security patches for August 2024, addressing a range of vulnerabilities across its extensive product portfolio. The release comprises 17 new Security Notes and 8 updates to previously released notes.
The most critical vulnerability addressed this month, CVE-2024-41730, impacts the SAP BusinessObjects Business Intelligence Platform. This flaw, with a CVSS score of 9.8, could allow an unauthorized user to obtain a logon token and potentially gain full control of the system, leading to severe consequences for confidentiality, integrity, and availability.
Another high-priority vulnerability, CVE-2024-29415, affects applications built with SAP Build Apps. This Server-Side Request Forgery (SSRF) vulnerability, with a CVSS score of 9.1, could let attackers cause the server to issue requests on their behalf, potentially leading to data breaches or unauthorized actions.
The August patch also addresses vulnerabilities in various other SAP products, including SAP BEx Web Java Runtime Export Web Service, SAP S/4 HANA, SAP Commerce Cloud, SAP NetWeaver AS Java, SAP Landscape Management, SAP Replication Server, and more. These vulnerabilities range in severity from medium to high, with potential impacts including denial of service, information disclosure, and unauthorized access.
Given the wide range of vulnerabilities addressed in this month’s patch release, SAP administrators are strongly urged to review and apply the relevant Security Notes as soon as possible. Prioritizing updates for the most critical vulnerabilities, such as CVE-2024-41730 and CVE-2024-29415, is essential to protect against potential exploitation.
For detailed information on all the vulnerabilities addressed in the August 2024 Security Patch Day, administrators can refer to the SAP Support Portal and review the associated CVEs for further insights into the potential impacts and recommended mitigation strategies.