SAP fixes critical flaws in NetWeaver and Commerce Cloud
Summary
SAP has addressed 15 vulnerabilities in its June 2024 Security Patch package, with four of these rated as critical. The critical flaws impact SAP NetWeaver and SAP Commerce Cloud, and exploiting them could lead to unauthorized access or data manipulation.
IFF Assessment
The discovery and patching of critical vulnerabilities represent a potential window of opportunity for attackers before all affected systems are updated, posing a risk to organizations using these SAP products.
Severity
Given the critical severity, potential for unauthorized access and data manipulation, and the nature of SAP NetWeaver and Commerce Cloud as core business systems, a high CVSS score reflecting significant impact and exploitability is estimated.
Defender Context
Defenders should prioritize patching these critical SAP vulnerabilities as soon as possible to mitigate the risk of exploitation. Organizations utilizing SAP NetWeaver and Commerce Cloud must remain vigilant for any signs of compromise and ensure their systems are up-to-date with the latest security patches.