{"id":9522,"date":"2023-10-16T11:15:16","date_gmt":"2023-10-16T09:15:16","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=9522"},"modified":"2023-12-28T11:37:55","modified_gmt":"2023-12-28T09:37:55","slug":"sap-security-notes-october-2023","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/","title":{"rendered":"SAP Security Notes, October 2023"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<h2>October 2023 notes<\/h2>\n<h3>Summary and highlights of the month<\/h3>\n<p>The total number of notes\/patches was 9, 9 less than last month. The number of Hot News was 1, 4 less than last month. On the other hand, it is worth noting that the number of high criticality notes decreased from 2 to 0. As usual we will leave the medium and low notes unreviewed this month, but <strong>we will give details of a total of 1 note<\/strong> (all those with a CVSS of 7 or higher).<\/p>\n<p>We have a total of 9 scores for the whole month (the 9 from patch Tuesday, 7 new and 2 updates, that&#8217;s 9 scores less than last patch Tuesday).<\/p>\n<p>We will review in detail this month&#8217;s HotNews, which is an update (those of CVSS greater than or equal to 7).<\/p>\n<ul>\n<li><strong>The most critical note of the month (with CVSS <span style=\"color: #ff0000;\">10<\/span>)<\/strong> is an update of the usual note related to<strong> &#8220;Google Chromium&#8221;.<\/strong><\/li>\n<li>This month the most predominant type is <strong>&#8220;Log Injection vulnerability&#8221;<\/strong> (2\/9 on patch day).<\/li>\n<\/ul>\n<p>In the graph (post October 2023 by SAP) we can see the <strong><span style=\"text-decoration: underline;\">ranking of the October notes<\/span>,<\/strong> in addition to the evolution and ranking of the last 5 previous months (only the notes of Sec. Tuesday \/ Patch Day &#8211; by SAP):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter  wp-image-9526\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023-1.jpg\" alt=\"\" width=\"700\" height=\"366\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023-1.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023-1-300x157.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023-1-1024x535.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023-1-600x314.jpg 600w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<h3>Full details<\/h3>\n<p>The <strong>complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n<ol>\n<li><strong><u>Update &#8211; Security updates for the browser control Google Chromium delivered with SAP Business Client (2622660):<\/u><\/strong> This security note addresses multiple vulnerabilities in the 3rd party web browser control Chromium, which can be used within SAP Business Client. This note will be modified periodically based on web browser updates by the open-source project Chromium. The note priority is based on the highest CVSS score of all the vulnerabilities fixed in the latest browser release. If the SAP Business Client release is not updated to the latest patch level, displaying web pages in SAP Business Client via this open-source browser control might lead to different vulnerabilities like memory corruption, Information Disclosure and the like. The solution will be to update the SAP Business Client patch to the newest one, which contains the most current stable major release of the Chromium browser control, which passed the SAP internal quality measurements of SAP Business Client. The note has been re-released with updated \u2018Solution\u2019 and \u2018Support Packages &amp; Patches\u2019 information. <strong>CVSS v3 Base Score: <\/strong><span style=\"color: #ff0000;\"><strong>10<\/strong><\/span><strong> \/ 10 (Multiple CVE\u00b4s).<\/strong><\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Other references, from SAP and Onapsis (September):<\/p>\n<p><a href=\"https:\/\/ddec1-0-en-ctp.trendmicro.com:443\/wis\/clicktime\/v1\/query?url=https%3a%2f%2fdam.sap.com%2fmac%2fapp%2fe%2fpdf%2fpreview%2fembed%2fucQrx6G%3fltr%3da%26rc%3d10&amp;umid=8780927f-e301-4dbb-b956-0ee07e663535&amp;auth=708978c2440d0c6de95dfde6471e502ec413f9a9-7b931f29de852470f9891be8f0e84f4998e8e703\">Digital Library (sap.com)<\/a><\/p>\n<p><a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-october-2023\">SAP Security Patch Day for October 2023 | Onapsis<\/a><\/p>\n<h3 style=\"font-weight: 400;\"><strong><u>Resources affected<\/u><\/strong><\/h3>\n<div class=\"w-post-elm post_content\">\n<ul>\n<li>SAP Business Client, Versions -6.5, 7.0, 7.70<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. October 2023 notes Summary and highlights of the month The total number of notes\/patches was 9, 9 less than last month. The number of Hot News was 1, 4 less than last month&#8230;.<\/p>\n","protected":false},"author":6,"featured_media":9524,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[],"class_list":["post-9522","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, October 2023 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, October 2023\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-16T09:15:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-28T09:37:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, October 2023\",\"datePublished\":\"2023-10-16T09:15:16+00:00\",\"dateModified\":\"2023-12-28T09:37:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/\"},\"wordCount\":435,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/notas-sap-octubre-2023.jpg\",\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/\",\"name\":\"SAP Security Notes, October 2023 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/notas-sap-octubre-2023.jpg\",\"datePublished\":\"2023-10-16T09:15:16+00:00\",\"dateModified\":\"2023-12-28T09:37:55+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/notas-sap-octubre-2023.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/notas-sap-octubre-2023.jpg\",\"width\":1200,\"height\":627},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2023\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, October 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, October 2023 - Inprosec","description":"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, October 2023","og_description":"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/","og_site_name":"Inprosec","article_published_time":"2023-10-16T09:15:16+00:00","article_modified_time":"2023-12-28T09:37:55+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, October 2023","datePublished":"2023-10-16T09:15:16+00:00","dateModified":"2023-12-28T09:37:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/"},"wordCount":435,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg","articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/","name":"SAP Security Notes, October 2023 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg","datePublished":"2023-10-16T09:15:16+00:00","dateModified":"2023-12-28T09:37:55+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from October 2023, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/10\/notas-sap-octubre-2023.jpg","width":1200,"height":627},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, October 2023"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/9522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=9522"}],"version-history":[{"count":1,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/9522\/revisions"}],"predecessor-version":[{"id":9528,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/9522\/revisions\/9528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/9524"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=9522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=9522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=9522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}