SAP has released security updates for 19 vulnerabilities. Although the vulnerabilities affect many products, the critical-severity flaws affect SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver.
The 5 critical-severity vulnerabilities are as follows:
- CVE-2023-25616: Critical severity (CVSS v3: 9.9) code injection vulnerability in SAP Business Intelligence Platform, allowing an attacker to access resources only available to privileged users. The flaw impacts versions 420 and 430.
- CVE-2023-23857: Critical severity (CVSS v3: 9.8) information disclosure, data manipulation, and DoS flaw impacting SAP NetWeaver AS for Java, version 7.50. The bug allows an unauthenticated attacker to perform unauthorized operations by attaching to an open interface and accessing services via the directory API.
- CVE-2023-27269: Critical severity (CVSS v3: 9.6) directory traversal problem impacting SAP NetWeaver Application Server for ABAP. The flaw allows a non-admin user to overwrite system files. It affects versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791.
- CVE-2023-27500: Critical severity (CVSS v3: 9.6) directory traversal in SAP NetWeaver AS for ABAP. An attacker can exploit the flaw in SAPRSBRO to overwrite system files, causing damage to the vulnerable endpoint. Impacts versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757.
- CVE-2023-25617: Critical severity (CVSS v3: 9.0) command execution vulnerability in SAP Business Objects Business Intelligence Platform, versions 420 and 430. The flaw allows a remote attacker to execute arbitrary commands on the OS using the BI Launchpad, Central Management Console, or a custom application based on the public Java SDK, under certain conditions.
It is very important to install the updates without delay. You can access the updates here.
Source: bleepingcomputer.com