SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA


As part of its September 2023 Security Patch Day, German business software maker SAP on Tuesday announced the release of 13 new and five revised security notes. According to corporate application security company Onapsis, the problem affects the promotion management component’s job folder.

The highest grade offered by the corporation, “hot news,” is given to five of the security notes issued by SAP this month. However, three of these are revisions to security notes that were already published. The most serious of the new hot news notes deals with a significant flaw in BusinessObjects (CVE-2023-40622, CVSS score of 9.9) that gives attackers access to data that might be exploited in other attacks and could potentially result in the compromise of the entire application.

Read More…