The National Computer Emergency Response Team (NCERT) has released a warning on serious vulnerabilities in SAP systems, as covered in SAP's May 2024 Security Patch Day.
SAP, a top supplier of enterprise software solutions, has made updates for these vulnerabilities available for a number of its products, including SAP CX Commerce, SAP Business Client, and SAP NetWeaver Application Server ABAP.
CVE-2024-33006 is one of the most worrying vulnerabilities since it can allow an attacker to take over the entire system.
NCERT alerts users of SAP products to the serious risks posed by the vulnerabilities addressed in these updates. If exploited, these weaknesses might result in data breaches, unauthorized access, and possible system compromise. The advisory stresses that urgent action is required to reduce these risks and safeguard organizational resources.
According to the advisory, CVE-2024-33006, which affects SAP NetWeaver Application Server ABAP and ABAP Platform, has a 9.6 CVSS score. It allows unauthenticated attackers to upload malicious files to the server, which might result in a complete system compromise. Versions 700 through 758 of SAP BASIS are affected by this vulnerability, which has to be fixed right away.