June 14, 2023

As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities

The Notable High-Severity Vulnerabilities

• CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.
• CVE-2023-2827

Furthermore, SAP has published additional patches to address another vulnerabilities affecting several products.

Affected Products

The full list of affected products can be seen in SAP Advisory.

Mitigation

CYREBRO urges all clients who use the vulnerable products to update their affected products to the most recent version in order to mitigate the vulnerabilities.

References: SAP Advisory