SAP Security Notes – June 2023 - Safe O'Clock

June 14, 2023

On the 13th of June 2023, SAP Security Patch Day saw the release of 8 new Security Notes.

There were 5 updates to previously released Security Notes.

Notes by severity

HotNews: 0
Correction with high priority: 4
Correction with medium priority: 8
Correction with low priority: 1

Highlights

On the June Patch Day SAP presented 4 high-severity Notes; all of them are rated as a correction with high priority.

Today's list is short, so we can describe in more detail what you should look at first.

First, we will pay attention to Note 3102769, which addresses a Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse, with a CVSS score of 8.8. Unauthorized attackers can launch XSS attacks using just one SAP KW component within a web browser, potentially disclosing sensitive data. This Note was re-released with updated "Support Packages & Patches" information for releases 7.31 and 7.40; its previous update was on 23 August 2022.

SAP UI5 gets a couple of high-priority corrections:

Note 3324285, Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management), with a CVSS score of 8.2. Insufficient encoding of user-controlled input in UI5 Variant Management results in a Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user-level access can severely compromise user privacy, change sensitive data, and render the application unavailable to users.

Note 3326210, Improper Neutralization of Input in SAPUI5, with a CVSS score of 7.1. Untrusted CSS can be injected because SAPUI5's sap.m.FormattedText control fails to effectively neutralize input, which can prevent users from accessing the application. Additionally, because the control also lacks URL validation, the vulnerability could allow an attacker to view or modify user information through phishing attacks. The Note was re-released from the previous Patch Day with updated 'Solution' and 'Workaround' information.

Integration with SAP Plant Connectivity for SAP Digital Manufacturing also gets an important security patch:

The last Note to mention is 3301942, Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing, with a CVSS score of 7.9. The JSON Web Token (JWT) signature in the HTTP request sent by SAP Digital Manufacturing is not verified by SAP Plant Connectivity 15.5 (PCo) or by the Production Connector for SAP Digital Manufacturing. Unauthorized callers from the internal network might therefore be able to issue service requests to PCo or the Production Connector, which could compromise the integrity of the integration with SAP Digital Manufacturing.
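The verification step that Note 3301942 says the affected components skip, shown as an added example (not SAP's code and not tied to any SAP API): a minimal HS256 JWT check written with the Python standard library, next to the weak pattern of decoding the payload without checking the signature. The shared key, claims and tokens are constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key: stands in for the key the token issuer and the consumer share.
SHARED_SECRET = b"demo-shared-secret-not-for-production"

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes = SHARED_SECRET) -> str:
    """Mint an HS256 JWT; used here only to build sample inputs."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def unverified_claims(token: str) -> dict:
    """The weak pattern: decode the payload and trust it without checking the signature."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def verified_claims(token: str, key: bytes = SHARED_SECRET, now=None):
    """Return the claims only if the HS256 signature verifies and 'exp' is still in the future."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # Pin the expected algorithm server-side; never let the token choose it ("none", key confusion).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    current = now if now is not None else int(time.time())
    if "exp" in claims and current >= int(claims["exp"]):
        return None
    return claims

# Constructed inputs: a properly signed token, and the same token with its payload swapped out.
GOOD = make_token({"sub": "dmc-integration", "exp": 4102444800})
HEADER_B64, _, SIG_B64 = GOOD.split(".")
TAMPERED = f"{HEADER_B64}.{_b64url_encode(json.dumps({'sub': 'anyone'}).encode())}.{SIG_B64}"
```

The unverified decoder happily returns the swapped-in claims, while the verifying decoder rejects the tampered token, a wrong key, an expired token and an "alg":"none" header.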

Summary

| SAP Component | Number | Description | Priority | CVSS | CVSS Vector |
|---|---|---|---|---|---|
| KM-KW-HTA | 3102769 | [CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse | high | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L |
| CA-UI5-COR | 3324285 | [CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management) | high | 8.2 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L |
| MFG-PCO-DMC | 3301942 | [CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing | high | 7.9 | CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H |
| CA-UI5-CTR-BAL | 3326210 | [CVE-2023-30743] Improper Neutralization of Input in SAPUI5 | high | 7.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | medium | 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| BC-CTS-DTR | 3318657 | [CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository) | medium | 6.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| EP-PIN-NAV | 3331627 | [CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal) | medium | 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CRM-IPS-BTX-APL | 2826092 | [CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) | medium | 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CA-WUI-UI-TAG | 3322800 | Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | medium | 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CA-WUI-UI-TAG | 3315971 | [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | medium | 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| BI-BIP-INV | 3319400 | [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform | medium | 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| AP-MD-BF-SYN | 1794761 | [CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) | medium | 4.2 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |
| BC-CTS-TMS-CTR | 3325642 | [CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System) | low | 2.7 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |

#sapsecurity #sapvulnerabilities #sapresearch