Vulnerabilities

SAP Releases 16 New Security Notes on September 2024 Patch Day

SAP has released patches for multiple missing authorization check and information disclosure vulnerabilities on its September 2024 Security Patch Day.

Published

SAP has released patches for multiple missing authorization check and information disclosure vulnerabilities on its September 2024 Security Patch Day.

Enterprise software maker SAP on Tuesday announced the release of 16 new and three updated security notes as part of its September 2024 Security Patch Day.

At the top of this month’s list of security notes are the three updates, all for notes released in August 2024 to resolve critical-, high- and medium-severity vulnerabilities.

The first of them, a hot news note that resolves a missing authorization check in BusinessObjects (CVE-2024-41730, CVSS score of 9.8), was updated with workaround instructions for customers who cannot apply the available patches, enterprise application security firm Onapsis explains.

The second, addressing a high-severity information disclosure bug in Commerce Cloud (CVE-2024-33003, CVSS score of 7.4), updates the fixed version of the affected application.

SAP also updated a medium-priority note that patches multiple security defects in Replication Server (FOSS), and released 13 other security notes fixing medium-severity flaws in NetWeaver, Commerce Cloud, BusinessObjects, Business Warehouse, S/4 HANA, and SAP for Oil & Gas.

The resolved issues include cross-site scripting (XSS), information disclosure, DLL hijacking, and missing authorization check vulnerabilities that could impact the availability, confidentiality, and integrity of the applications.

Advertisement. Scroll to continue reading.

One of the notes addresses six missing authorization check flaws in NetWeaver, including one that “allows a low privileged attacker to send a crafted packet in the vulnerable function module targeting a specific user. This user will no longer have access to any functionality of SAP GUI and will thus experience a total loss of application availability,” Onapsis says.

The remaining three security notes that SAP released this month resolve low-severity missing authorization check flaws in Student Life Cycle Management (SLcM) and NetWeaver Application Server for ABAP and ABAP Platform.

SAP makes no mention of any of these vulnerabilities being exploited in the wild. Users are advised to review SAP’s security notes and apply the fixes as soon as possible.

Related: SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

Related: 38 Tech Leaders Sign Cyber Resilience Pledge

Related: Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications

Related: In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act

In this article:,

Related Content

Ivanti Fortinet Splunk vulnerability patches

Vulnerabilities

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

6 days ago

ICS/OT

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact

In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT.

6 days ago

Vulnerabilities

Microsoft Patches 200 Vulnerabilities

Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them.

7 days ago

Vulnerabilities

Adobe Patches 123 Vulnerabilities

Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product.

7 days ago

Vulnerabilities

SAP Patches Critical NetWeaver, Commerce Vulnerabilities

The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage.

June 9, 2026

Vulnerabilities

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

The two chip giants have published over two dozen advisories describing recently identified security defects.

May 13, 2026

Vulnerabilities

Microsoft Patches 137 Vulnerabilities

Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence.

May 12, 2026

Vulnerabilities

Adobe Patches 52 Vulnerabilities in 10 Products

While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution.

May 12, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version