June 14, 2023
As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities
The Notable High-Severity Vulnerabilities
- CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.
Furthermore, SAP has published additional patches to address another vulnerabilities affecting several products.
The full list of affected products can be seen in SAP Advisory.
CYREBRO urges all clients who use the vulnerable products to update their affected products to the most recent version in order to mitigate the vulnerabilities.
References: SAP Advisory