SAP Releases 24 Critical Security Patches in April, Including 5 HotNews Notes
SAP has released twenty-four new and updated security patches in April, including five HotNews Notes and one High Priority Note. These updates address critical vulnerabilities and provide the latest supported Chromium patches for SAP Business Client.
The regularly recurring SAP Security Note #2622660 provides an update for SAP Business Client, including the latest supported Chromium patches. Two of the five HotNews Notes contain minor updates: Note #3273480 has an additional fix for SP026, and Note #3294595 has a textual update to the Solution section.
SAP Business Client now supports Chromium version 111.0.5563.65, which fixes seventy-one vulnerabilities in total, including two Critical and thirty-two High Priority vulnerabilities. One of the HotNews Notes, #3305369, patches a critical vulnerability in SAP Diagnostics Agent with a CVSS score of 10.0. The only High Priority Note in April, #3305907, patches a Directory Traversal vulnerability in the BI_CONT AddOn with a CVSS score of 8.7.
Onapsis Research Labs contributed to fixing eight vulnerabilities, including two HotNews vulnerabilities in SAP Diagnostics Agent and one High Priority Note affecting the BI Content AddOn (BI_CONT). Another HotNews Note, #3298961, patches a critical Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform with a CVSS score of 9.8. Two critical vulnerabilities in SAP Diagnostics Agent pose a risk to the entire system landscape.
SAP has addressed numerous critical vulnerabilities in its April security patches. Users are advised to apply these updates promptly to protect their systems. The patches include fixes for SAP Business Client, SAP Diagnostics Agent, and SAP BusinessObjects Business Intelligence Platform.
