SAP Security Notes Summary – April 2022

Once a month I publish a review of all SAP Security Notes and related news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches needed to keep your systems secure.

| SAP Component | Number | Title | CVSS Score* | Released On |
|---|---|---|---|---|
| BC-CCM-PRN-PC | 3124994 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 4,7 | 26.04.2022 |
| BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 26.04.2022 |
| BI-BIP-ADM | 3137191 | [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform | 6,8 | 26.04.2022 |
| XX-SER-SN | 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | 9,8 | 19.04.2022 |
| CEC-COM-CPS-WEB | 3171258 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce | 9,8 | 18.04.2022 |
| IS-T-MA | 3189635 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics | 9,8 | 14.04.2022 |
| IS-SE-CCO | 3187290 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout | 9,8 | 12.04.2022 |
| BC-SYB-PD | 3189429 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to and including 16.7 SP05 PL01) | 9,8 | 12.04.2022 |
| BI-DEV-WEB | 3055044 | [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje – SOAP Web services) | 5,4 | 12.04.2022 |
| EP-PIN-PRT | 3163583 | [CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.04.2022 |
| SV-FRN-INF-SDA | 3159091 | [CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | 2,7 | 12.04.2022 |
| MFG-MII | 3158613 | Update 1 to Security Note 3022622 – [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | 9,1 | 12.04.2022 |
| CEC-COM-CPS | 3155609 | Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce | 7 | 12.04.2022 |
| BC-WD-UR | 2978151 | Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver Application Server Java | 4,7 | 12.04.2022 |
| BC-FES-GUI | 3132633 | Information Disclosure vulnerability in SAP GUI for Windows | 5,4 | 12.04.2022 |
| BI-BIP-CMC | 3130497 | [CVE-2022-27671] CSRF token visible in one of the URLs in SAP Business Intelligence Platform | 8,2 | 12.04.2022 |
| BC-CST-WDP | 3111293 | [CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager) | 4,9 | 12.04.2022 |
| BC-CST-WDP | 3111311 | [CVE-2022-28772] Denial of service (DOS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager) | 7,5 | 12.04.2022 |
| CA-WUI-UI | 3101986 | Enable CSP support for OP1909 in SAP CRM WebClient UI | 4,1 | 12.04.2022 |
| BC-ILM-DAS | 3152442 | [CVE-2022-27669] Missing Authentication check in XML Data Archiving Service | 5,3 | 12.04.2022 |
| BI-BIP-BIW | 3150845 | [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 4,3 | 12.04.2022 |
| EP-PIN-WPC | 3148377 | [CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC | 6,5 | 12.04.2022 |
| BC-SYB-SQA | 3148094 | [CVE-2022-27670] Denial of service (DOS) in SQL Anywhere | 6,5 | 12.04.2022 |
| BI-BIP-ADM | 3145769 | [CVE-2022-27667] Information Disclosure vulnerability in CMC | 5,3 | 12.04.2022 |
| CA-VE-VEV | 3143437 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 6,5 | 12.04.2022 |
| XX-PART-ADB-IFM | 3138299 | [CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) | 4,1 | 12.04.2022 |
| BC-MID-RFC | 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 12.04.2022 |
| CA-GTF-VBZ | 3126557 | [CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library) | 6,1 | 12.04.2022 |
| MFG-MII | 3022622 | [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | 9,1 | 12.04.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.04.2022 |
| CA-UI5-COR-FND | 3163703 | Multiple Vulnerabilities in URI.js bundled with SAPUI5 | 6,1 | 12.04.2022 |
| BC-XS-SEC | 3189428 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services | 9,8 | 12.04.2022 |

Source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative rating (such as low, medium, high, or critical) to help organizations assess and prioritize their vulnerability management processes.


Copyright © 2024 SAPBasisWorld.com