Security News > 2023 > April > SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
In total, SAP has released 24 notes, 19 of which concern new issues of varying importance, and five are updates to previous bulletins.
CVE-2023-29186: Directory traversal flaw impacting SAP NetWeaver versions 707, 737, 747, and 757, allowing an attacker to upload and overwrite files on the vulnerable SAP server.
The remaining 11 security flaws disclosed in SAP's latest security bulletin concern low to medium-severity vulnerabilities.
In February 2022, the US Cybersecurity and Infrastructure Security Agency urged admins to patch a set of severe vulnerabilities impacting SAP business apps to prevent data theft, ransomware attacks, and disruption of mission-critical processes and operations.
In April 2021, threat actors were observed attacking fixed flaws in unpatched SAP systems to gain access to corporate networks.