SAP Security Notes Summary – August 2022
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 23.08.2022 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 23.08.2022 |
KM-KW-HTA | 3102769 | [CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse | 8,8 | 23.08.2022 |
BC-FES-BUS-DSK | 3156484 | Information Disclosure vulnerability in SAP Business Client | 6,5 | 09.08.2022 |
IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 09.08.2022 |
BI-BIP-CMC | 3213524 | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 5,2 | 09.08.2022 |
BI-BIP-ADM | 3213507 | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) | 5,2 | 09.08.2022 |
BI-BIP-INV | 3210823 | [CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document) | 8,2 | 09.08.2022 |
KM-SEN-MGR | 3210566 | [CVE-2022-35293] Missing authorization check in SAP Enable Now Manager | 4,2 | 09.08.2022 |
XX-CSC-PT-LO | 2522794 | Missing Authorization check in Portugal Digital Signature | 6,3 | 09.08.2022 |
BC-IAM-SSO-OTP | 3216653 | [CVE-2022-35290] Information Disclosure in SAP Authenticator for Android | 5,3 | 09.08.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.