SAP Security Notes Summary – April 2022

Once a month I publish a review of all SAP Security Notes and related news released during that month. SAP Security Notes contain SAP's advice on the action items and patches needed to keep your systems secure; the April 2022 notes are listed below, with the note number, the CVE where one was assigned, the CVSS score and the release date.

SAP Component | Number | Title | CVSS Score* | Released On
--- | --- | --- | --- | ---
BC-CCM-PRN-PC | 3124994 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 4.7 | 26.04.2022
BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4.7 | 26.04.2022
BI-BIP-ADM | 3137191 | [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform | 6.8 | 26.04.2022
XX-SER-SN | 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | 9.8 | 19.04.2022
CEC-COM-CPS-WEB | 3171258 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce | 9.8 | 18.04.2022
IS-T-MA | 3189635 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics | 9.8 | 14.04.2022
IS-SE-CCO | 3187290 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout | 9.8 | 12.04.2022
BC-SYB-PD | 3189429 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to and including 16.7 SP05 PL01) | 9.8 | 12.04.2022
BI-DEV-WEB | 3055044 | [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje – SOAP Web services) | 5.4 | 12.04.2022
EP-PIN-PRT | 3163583 | [CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6.1 | 12.04.2022
SV-FRN-INF-SDA | 3159091 | [CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | 2.7 | 12.04.2022
MFG-MII | 3158613 | Update 1 to Security Note 3022622 – [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | 9.1 | 12.04.2022
CEC-COM-CPS | 3155609 | Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce | 7.0 | 12.04.2022
BC-WD-UR | 2978151 | Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver Application Server Java | 4.7 | 12.04.2022
BC-FES-GUI | 3132633 | Information Disclosure vulnerability in SAP GUI for Windows | 5.4 | 12.04.2022
BI-BIP-CMC | 3130497 | [CVE-2022-27671] CSRF token visible in one of the URLs in SAP Business Intelligence Platform | 8.2 | 12.04.2022
BC-CST-WDP | 3111293 | [CVE-2022-28773] Denial of service (DoS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager) | 4.9 | 12.04.2022
BC-CST-WDP | 3111311 | [CVE-2022-28772] Denial of service (DoS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager) | 7.5 | 12.04.2022
CA-WUI-UI | 3101986 | Enable CSP support for OP1909 in SAP CRM WebClient UI | 4.1 | 12.04.2022
BC-ILM-DAS | 3152442 | [CVE-2022-27669] Missing Authentication check in XML Data Archiving Service | 5.3 | 12.04.2022
BI-BIP-BIW | 3150845 | [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 4.3 | 12.04.2022
EP-PIN-WPC | 3148377 | [CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC | 6.5 | 12.04.2022
BC-SYB-SQA | 3148094 | [CVE-2022-27670] Denial of service (DoS) in SQL Anywhere | 6.5 | 12.04.2022
BI-BIP-ADM | 3145769 | [CVE-2022-27667] Information Disclosure vulnerability in CMC | 5.3 | 12.04.2022
CA-VE-VEV | 3143437 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 6.5 | 12.04.2022
XX-PART-ADB-IFM | 3138299 | [CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) | 4.1 | 12.04.2022
BC-MID-RFC | 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4.9 | 12.04.2022
CA-GTF-VBZ | 3126557 | [CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library) | 6.1 | 12.04.2022
MFG-MII | 3022622 | [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | 9.1 | 12.04.2022
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10.0 | 12.04.2022
CA-UI5-COR-FND | 3163703 | Multiple Vulnerabilities in URI.js bundled with SAPUI5 | 6.1 | 12.04.2022
BC-XS-SEC | 3189428 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services | 9.8 | 12.04.2022
Source: www.sap.com

*CVSS (Common Vulnerability Scoring System) captures the principal characteristics of a vulnerability and produces a numerical score from 0.0 to 10.0 reflecting its severity. The numerical score can then be translated into a qualitative rating (Low 0.1–3.9, Medium 4.0–6.9, High 7.0–8.9, Critical 9.0–10.0) to help organizations assess and prioritize their vulnerability management processes. SAP labels notes scored 9.0 and above as HotNews; in April 2022 that covers the Spring Framework (CVE-2022-22965) notes, both SAP MII code injection notes and the Chromium update for SAP Business Client, so these should be scheduled first.
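The footnote above only describes the score-to-rating mapping in words. The following script is an added example (not code from SAPBasisWorld.com or from SAP) that encodes the CVSS v3.x qualitative scale plus SAP's HotNews threshold of 9.0, loads the April 2022 notes transcribed from the table (scores kept in the page's original comma-decimal form so the parser has to normalise them), and produces the patch order a Basis team would work from. The note dataset, the `Note` dataclass and the helper names are this example's own constructions, not an SAP API.

```python
"""Rank SAP Security Notes by CVSS score and SAP priority band.

Added example. RAW_ROWS is transcribed from the April 2022 table on this page:
(component, note number, title, CVSS score as printed, release date DD.MM.YYYY).
"""
import re
from collections import defaultdict
from dataclasses import dataclass

RAW_ROWS = [
    ("BC-CCM-PRN-PC", "3124994", "[CVE-2022-22534] XSS vulnerability in SAP NetWeaver", "4,7", "26.04.2022"),
    ("BC-MID-ICF", "3165333", "[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server", "4,7", "26.04.2022"),
    ("BI-BIP-ADM", "3137191", "[CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform", "6,8", "26.04.2022"),
    ("XX-SER-SN", "3170990", "[CVE-2022-22965] Central Security Note for RCE associated with Spring Framework", "9,8", "19.04.2022"),
    ("CEC-COM-CPS-WEB", "3171258", "[CVE-2022-22965] RCE associated with Spring Framework used in SAP Commerce", "9,8", "18.04.2022"),
    ("IS-T-MA", "3189635", "[CVE-2022-22965] RCE associated with Spring Framework used in SAP Customer Profitability Analytics", "9,8", "14.04.2022"),
    ("IS-SE-CCO", "3187290", "[CVE-2022-22965] RCE associated with Spring Framework used in SAP Customer Checkout", "9,8", "12.04.2022"),
    ("BC-SYB-PD", "3189429", "[CVE-2022-22965] RCE associated with Spring Framework used in PowerDesigner Web", "9,8", "12.04.2022"),
    ("BI-DEV-WEB", "3055044", "[CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects BI Platform (dswsbobje)", "5,4", "12.04.2022"),
    ("EP-PIN-PRT", "3163583", "[CVE-2022-26105] XSS vulnerability in SAP NetWeaver Enterprise Portal", "6,1", "12.04.2022"),
    ("SV-FRN-INF-SDA", "3159091", "[CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)", "2,7", "12.04.2022"),
    ("MFG-MII", "3158613", "Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP MII", "9,1", "12.04.2022"),
    ("CEC-COM-CPS", "3155609", "Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce", "7", "12.04.2022"),
    ("BC-WD-UR", "2978151", "Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver AS Java", "4,7", "12.04.2022"),
    ("BC-FES-GUI", "3132633", "Information Disclosure vulnerability in SAP GUI for Windows", "5,4", "12.04.2022"),
    ("BI-BIP-CMC", "3130497", "[CVE-2022-27671] CSRF token visible in one of the URLs in SAP BI Platform", "8,2", "12.04.2022"),
    ("BC-CST-WDP", "3111293", "[CVE-2022-28773] DoS in SAP Web Dispatcher and SAP NetWeaver (ICM)", "4,9", "12.04.2022"),
    ("BC-CST-WDP", "3111311", "[CVE-2022-28772] DoS in SAP Web Dispatcher and SAP NetWeaver (ICM)", "7,5", "12.04.2022"),
    ("CA-WUI-UI", "3101986", "Enable CSP support for OP1909 in SAP CRM WebClient UI", "4,1", "12.04.2022"),
    ("BC-ILM-DAS", "3152442", "[CVE-2022-27669] Missing Authentication check in XML Data Archiving Service", "5,3", "12.04.2022"),
    ("BI-BIP-BIW", "3150845", "[CVE-2022-28216] XSS vulnerability in SAP BusinessObjects BI Platform (BI Workspace)", "4,3", "12.04.2022"),
    ("EP-PIN-WPC", "3148377", "[CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC", "6,5", "12.04.2022"),
    ("BC-SYB-SQA", "3148094", "[CVE-2022-27670] DoS in SQL Anywhere", "6,5", "12.04.2022"),
    ("BI-BIP-ADM", "3145769", "[CVE-2022-27667] Information Disclosure vulnerability in CMC", "5,3", "12.04.2022"),
    ("CA-VE-VEV", "3143437", "[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer", "6,5", "12.04.2022"),
    ("XX-PART-ADB-IFM", "3138299", "[CVE-2021-44832] RCE associated with Apache Log4j 2 (Adobe LiveCycle Designer 11.0)", "4,1", "12.04.2022"),
    ("BC-MID-RFC", "3128473", "[CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver AS ABAP", "4,9", "12.04.2022"),
    ("CA-GTF-VBZ", "3126557", "[CVE-2022-28770] XSS vulnerability in SAPUI5 (vbm library)", "6,1", "12.04.2022"),
    ("MFG-MII", "3022622", "[CVE-2021-21480] Code injection vulnerability in SAP MII", "9,1", "12.04.2022"),
    ("BC-FES-BUS-DSK", "2622660", "Security updates for the browser control Google Chromium delivered with SAP Business Client", "10", "12.04.2022"),
    ("CA-UI5-COR-FND", "3163703", "Multiple Vulnerabilities in URI.js bundled with SAPUI5", "6,1", "12.04.2022"),
    ("BC-XS-SEC", "3189428", "[CVE-2022-22965] RCE associated with Spring Framework used in SAP HANA XS", "9,8", "12.04.2022"),
]


@dataclass(frozen=True)
class Note:
    component: str
    number: int
    title: str
    cvss: float
    released: str  # DD.MM.YYYY as printed on the SAP page


def parse_score(text: str) -> float:
    """Accept '9,8', '9.8' or '10' and return a float; reject anything outside 0.0..10.0."""
    value = float(text.strip().replace(",", "."))
    if not 0.0 <= value <= 10.0:
        raise ValueError(f"CVSS score out of range: {text!r}")
    return value


def qualitative_rating(score: float) -> str:
    """CVSS v3.x qualitative severity scale as published by FIRST."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def sap_priority(score: float) -> str:
    """SAP's priority label: the Critical band (9.0 and above) is what SAP calls HotNews."""
    return "HotNews" if score >= 9.0 else qualitative_rating(score)


def load_notes(rows=RAW_ROWS) -> list:
    return [Note(c, int(n), t, parse_score(s), d) for c, n, t, s, d in rows]


def rank(notes) -> list:
    """Highest CVSS first; among equal scores, the most recently released note first."""
    def iso(date: str) -> str:
        day, month, year = date.split(".")
        return f"{year}-{month}-{day}"
    return sorted(notes, key=lambda n: (n.cvss, iso(n.released)), reverse=True)


def by_priority(notes) -> dict:
    """Group ranked notes under their SAP priority label (HotNews/High/Medium/Low)."""
    groups = defaultdict(list)
    for note in rank(notes):
        groups[sap_priority(note.cvss)].append(note)
    return dict(groups)


def referenced_notes(note: Note) -> set:
    """Seven-digit note numbers cited in a title, e.g. the note an 'Update 1' supersedes."""
    return {int(m) for m in re.findall(r"Security Note (\d{7})", note.title)}


if __name__ == "__main__":
    for label, notes in by_priority(load_notes()).items():
        print(f"== {label} ({len(notes)}) ==")
        for n in notes:
            refs = referenced_notes(n)
            tail = f"  (updates {', '.join(map(str, refs))})" if refs else ""
            print(f"{n.cvss:>4}  {n.number}  {n.component:<16} {n.title}{tail}")
```

Running it prints the nine HotNews notes first (the Chromium update at 10.0, then the Spring notes by release date), and flags 3158613 as an update to 3022622, a reminder that an "Update" note is only useful once the note it updates has been applied.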

Copyright © 2023 SAPBasisWorld.com