Various SAP business applications such as Business One, Message Server and PowerDesigner are vulnerable. In some cases, attackers can compromise systems with malicious code.
As per the August patch notes, two vulnerabilities in PowerDesigner (CVE-2023-37483, CVE-2023-37484) are rated “critical”. Due to insufficient access control, attackers can access the backend database via a proxy. Password hashes can be read out via the second vulnerability. In addition, a local attacker can place libraries infected with malicious code on systems (CVE-2023-36923 “high”).
Due to authentication issues (CVE-2023-39439 “high”), it’s possible for an attacker to log into Commerce Cloud without a passphrase. BusinessObjects is vulnerable to a DoS attack. SAP Commerce can leak data (CVE-2023-37486 “medium”).
Security patches are available and should be installed promptly.