{"id":8788,"date":"2023-04-13T11:33:40","date_gmt":"2023-04-13T09:33:40","guid":{"rendered":"http:\/\/inprosec.com\/?p=8788"},"modified":"2023-12-28T11:48:53","modified_gmt":"2023-12-28T09:48:53","slug":"sap-security-notes-april-2023","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/","title":{"rendered":"SAP Security Notes, April 2023"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<h2>April 2023 notes<\/h2>\n<h3>Summary and highlights of the month<\/h3>\n<p>The total number of notes\/patches was 24, 3 more than last month. The number of Hot News decreased from 6 to 5 this month. On the other hand, it is worth noting that the number of high criticality notes decreases from 4 to 1. As usual we will leave the medium and low notes unchecked this month, but we will give details of a total of 6 notes (all those with a CVSS of 7 or higher).<\/p>\n<p>We have a total of 24 scores for the whole month (the 24 from Patch Tuesday, 19 new ones and 5 updates, that&#8217;s 5 more scores than last month).<\/p>\n<p>We will review in detail the high note, which is new and the 5 HotNews, 3 updates and 2 new:<\/p>\n<ul>\n<li><strong>The most critical notes of the month (with CVSS <span style=\"color: #ff0000;\">10<\/span>)<\/strong> are 2 HotNews, one related to &#8220;<strong>Multiple vulnerabilities in SAP Diagnostics Agent<\/strong>&#8221; and the other is an update to the usual note related <strong>to &#8220;Google Chromium&#8221;<\/strong>.<\/li>\n<li>Next in criticality (with <strong>CVSS <span style=\"color: #ff0000;\">9.9<\/span><\/strong>) is an update of a HotNews released in December 2022, related to &#8220;<strong>Improper access control in SAP NetWeaver AS Java<\/strong>&#8220;.<\/li>\n<li>The next criticality notes (with <strong>CVSS <span style=\"color: #ff0000;\">9.8<\/span> and <span style=\"color: #ff0000;\">9.6<\/span><\/strong>) are 2 HotNews, the first one related to &#8220;<strong>Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform<\/strong>&#8220;, the second one is an update of a note released last March 2023, related to &#8220;<strong>Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform<\/strong>&#8220;.<\/li>\n<li>Next in criticality is the high score (with<strong> CVSS <span style=\"color: #ff0000;\">8.7<\/span><\/strong>) related to &#8220;<strong>Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)<\/strong>&#8220;.<\/li>\n<li>This month the most predominant type is &#8220;<strong>Code Injection vulnerability<\/strong>&#8221; (4\/24 in patch day).<\/li>\n<\/ul>\n<p>In the graph (post April 2023 by SAP) we can see the <span style=\"text-decoration: underline;\"><strong>ranking of the April notes<\/strong><\/span> in addition to the evolution and ranking of the last 5 previous months (only the notes of Sec. Tuesday \/ Patch Day &#8211; by SAP):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8790\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg\" alt=\"\" width=\"700\" height=\"368\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril-300x158.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril-1024x538.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril-600x315.jpg 600w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h3>Full details<\/h3>\n<p>The <strong>complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n<ol>\n<li><strong><u>Update &#8211; Security updates for the browser control Google Chromium delivered with SAP Business Client (2622660):<\/u><\/strong> This security note addresses multiple vulnerabilities in the 3rd party web browser control Chromium, which can be used within SAP Business Client. This note will be modified periodically based on web browser updates by the open-source project Chromium. The note priority is based on the highest CVSS score of all the vulnerabilities fixed in the latest browser release. If the SAP Business Client release is not updated to the latest patch level, displaying web pages in SAP Business Client via this open-source browser control might lead to different vulnerabilities like memory corruption, Information Disclosure and the like. The solution will be to update the SAP Business Client patch to the newest one, which contains the most current stable major release of the Chromium browser control, which passed the SAP internal quality measurements of SAP Business Client. The note has been re-released with updated \u2018Solution\u2019 and \u2018Support Packages &amp; Patches\u2019 information <strong>CVSS v3 Base Score: <\/strong><span style=\"color: #ff0000;\"><strong>10<\/strong><\/span><strong> \/ 10 (Multiple CVE\u00b4s).<\/strong><\/li>\n<li><strong><u>Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)( 3305369): <\/u><\/strong>This note lists 2 vulnerabilities in SAP Diagnosis Agent both derived from Unauthenticated RCE, one related to EventLogServiceCollector which allows an attacker to execute malicious scripts on all connected Diagnosis Agents running on Windows and the other due to lack of authentication and insufficient input validation, the OSCommand bridge allows to execute malicious scripts on all connected Diagnosis Agents running on all operating systems, both vulnerabilities compromise the confidentiality, integrity and availability of the system.<strong> CVSS v3 Base Score: <span style=\"color: #ff0000;\">10<\/span> \/ 10 [CVE-2023-27497].<\/strong><\/li>\n<li><strong><u>Update &#8211; Improper access control in SAP NetWeaver AS Java (User Defined Search) (3273480): <\/u><\/strong>An\u00a0unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the\u00a0<em>User Defined Search (UDS) of SAP NetWeaver Process Integration (PI)<\/em>\u00a0and make use of an open naming and directory api to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access for user data, to make limited modifications to user data and to degrade performance of the system, leading to high impact on confidentiality and limited impact on availability and integrity of the application. The note has been re-released to provide the fix to SP026 for version 7.50. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,9<\/span> \/ 10 [CVE-2022-41272].<\/strong><\/li>\n<li><strong><u>Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )(<\/u><\/strong> <strong><u>3298961): <\/u><\/strong>The encrypted information stored in the lcmbiar file can be read due to the lack of password protection causing an attacker to gain access to the BI user&#8217;s passwords and depending on the BI user&#8217;s privileges, the attacker can perform operations that can completely compromise the application. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,8<\/span> \/ 10 [CVE-2023-28765].<\/strong><\/li>\n<li><strong><u>Update &#8211; Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (3294595): <\/u><\/strong>SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files.\u00a0 In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable. In addition to the solution provided by the patch upload the note contains a workaround. This note has been re-released with updated\u00a0&#8216;Solution&#8217; information. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,6<\/span> \/ 10 [CVE-2023-27269].<\/strong><\/li>\n<li><strong><u>Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON) (3305907): <\/u><\/strong>Insufficient authority checks and file validations before executing the file upload in BI_CONT causes an attacker can exploit a Directory Traversal vulnerability in a report to upload and overwrite files on the SAP server. <strong>Base Score: <span style=\"color: #ff0000;\">8,7<\/span> \/ 10 [CVE-2023-29186].<\/strong><\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Other references, from SAP and Onapsis (April):<\/p>\n<p><a href=\"https:\/\/ddec1-0-en-ctp.trendmicro.com:443\/wis\/clicktime\/v1\/query?url=https%3a%2f%2fdam.sap.com%2fmac%2fapp%2fe%2fpdf%2fpreview%2fembed%2fucQrx6G%3fltr%3da%26rc%3d10&amp;umid=8780927f-e301-4dbb-b956-0ee07e663535&amp;auth=708978c2440d0c6de95dfde6471e502ec413f9a9-7b931f29de852470f9891be8f0e84f4998e8e703\">Digital Library (sap.com)<\/a><\/p>\n<p><a href=\"https:\/\/onapsis.com\/blog\/sap-patch-day-april-2023\">SAP Security Patch Day &#8211; April 2023 | Onapsis<\/a><\/p>\n<h3 style=\"font-weight: 400;\"><strong><u>Resources affected<\/u><\/strong><\/h3>\n<div class=\"w-post-elm post_content\">\n<ul>\n<li>SAP Business Client, Versions -6.5, 7.0, 7.70<\/li>\n<li>SAP BusinessObjects Business Intelligence Platform (Promotion Management,Versions\u2013420, 430<\/li>\n<li>SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector),Version \u2013720<\/li>\n<li>SAP NetWeaver (BI CONT ADDON), Versions -707, 737, 747, 757<\/li>\n<li>SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions -700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791<\/li>\n<li>SAP NetWeaver Process Integration, Version \u20137.50<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. April 2023 notes Summary and highlights of the month The total number of notes\/patches was 24, 3 more than last month. The number of Hot News decreased from 6 to 5 this month&#8230;.<\/p>\n","protected":false},"author":6,"featured_media":8790,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[],"class_list":["post-8788","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, April 2023 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, April 2023\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-13T09:33:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-28T09:48:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, April 2023\",\"datePublished\":\"2023-04-13T09:33:40+00:00\",\"dateModified\":\"2023-12-28T09:48:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/\"},\"wordCount\":1007,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/notas-SAP-abril.jpg\",\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/\",\"name\":\"SAP Security Notes, April 2023 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/notas-SAP-abril.jpg\",\"datePublished\":\"2023-04-13T09:33:40+00:00\",\"dateModified\":\"2023-12-28T09:48:53+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/notas-SAP-abril.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/notas-SAP-abril.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2023\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, April 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, April 2023 - Inprosec","description":"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, April 2023","og_description":"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/","og_site_name":"Inprosec","article_published_time":"2023-04-13T09:33:40+00:00","article_modified_time":"2023-12-28T09:48:53+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, April 2023","datePublished":"2023-04-13T09:33:40+00:00","dateModified":"2023-12-28T09:48:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/"},"wordCount":1007,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg","articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/","name":"SAP Security Notes, April 2023 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg","datePublished":"2023-04-13T09:33:40+00:00","dateModified":"2023-12-28T09:48:53+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from April 2023, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/04\/notas-SAP-abril.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, April 2023"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=8788"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8788\/revisions"}],"predecessor-version":[{"id":9784,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8788\/revisions\/9784"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/8790"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=8788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=8788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=8788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}