NCERT issued an advisory warning organizations that use SAP software about critical security vulnerabilities. These vulnerabilities were disclosed on SAP’s May 2024 Security Patch Day and pose a significant risk if left unaddressed.
The most concerning vulnerability, CVE-2024-33006, impacts SAP NetWeaver Application Server ABAP and allows attackers to upload malicious files, potentially compromising entire systems. Versions 700 to 758 of SAP_BASIS are particularly vulnerable and require immediate patching.
NCERT also identified vulnerabilities in SAP CX Commerce and SAP BusinessObjects Business Intelligence Platform. Additionally, medium and low-severity vulnerabilities exist across various SAP products.
To mitigate these risks, NCERT recommends promptly applying the latest SAP security patches, conducting regular vulnerability assessments, implementing the principle of least privilege for user access, and deploying robust monitoring and detection mechanisms. These measures are crucial for ensuring system security and preventing potential breaches and disruptions.