Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
|SAP Component||Number||Title||CVSS Score||Released On|
|BC-MID-RFC||3150454||Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform||4,9||23.08.2022|
|BC-FES-BUS-DSK||2622660||Security updates for the browser control Google Chromium delivered with SAP Business Client||10||23.08.2022|
|KM-KW-HTA||3102769||[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse||8,8||23.08.2022|
|BC-FES-BUS-DSK||3156484||Information Disclosure vulnerability in SAP Business Client||6,5||09.08.2022|
|IS-A||2726124||Missing Authorization Check in multiple components under SAP Automotive Solutions||6,3||09.08.2022|
|BI-BIP-CMC||3213524||[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)||5,2||09.08.2022|
|BI-BIP-ADM||3213507||[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)||5,2||09.08.2022|
|BI-BIP-INV||3210823||[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)||8,2||09.08.2022|
|KM-SEN-MGR||3210566||[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager||4,2||09.08.2022|
|XX-CSC-PT-LO||2522794||Missing Authorization check in Portugal Digital Signature||6,3||09.08.2022|
|BC-IAM-SSO-OTP||3216653||[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android||5,3||09.08.2022|
*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.