SAP Patches Critical Vulnerabilities With May 2023 Security Updates


This week, German corporate software maker SAP announced the availability of 18 new security notes for its May 2023 Security Patch Day, including two ‘hot news’ notes that address significant vulnerabilities. Five vulnerabilities in SAP 3D Visual Enterprise Licence Manager’s Reprise Licence Manager (RLM) 14.2 have been fixed by one of the hot news notes.

The most serious of these problems is CVE-2021-44152, a flawed authentication/authorization check that might let an unauthenticated attacker modify the password of any user account (CVSS score: 9.8). According to a NIST alert, “this enables an attacker to change the password of any known user, preventing legitimate users from accessing the system and granting the attacker full access to that user’s account.”

Read More…