SAP Patches High-Severity Vulnerability in Web Dispatcher

Enterprise software maker SAP on Tuesday announced the release of eight new and two updated security notes as part of its November 2024 security updates.

Marked as ‘high priority’, the second most severe rating in SAP’s playbook, the most important of these notes resolves a high-severity vulnerability in Web Dispatcher, the appliance that distributes incoming requests to the adequate SAP instances.

In its advisory, SAP describes the security defect, which is tracked as CVE-2024-47590 (CVSS score of 8.8), as a cross-site scripting (XSS) bug.

According to enterprise security firm Onapsis, the flaw can be exploited by unauthenticated attackers by creating a malicious page to execute content in the victim’s browser. The vulnerability can be exploited for both XSS and server-side request forgery (SSRF) attacks, leading to remote code execution on the server

See more: https://www.securityweek.com/sap-patches-high-severity-vulnerability-in-web-dispatcher/

#cybersecurity #sap #patches