SAP Security Notes Summary – December 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-CON-MSG | 3267780 | [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System) | 9,4 | 23.12.2022 |
| BC-XI-CON-UDS | 3273480 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search) | 9,9 | 23.12.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.12.2022 |
| SV-SMG-DIA-SRV-AGT | 3265173 | [CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent) | 6 | 13.12.2022 |
| BC-BSP | 3258950 | Update 1 to Security Note 2872782 – [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application) | 6,1 | 13.12.2022 |
| BC-EIM-ESH | 3271313 | [CVE-2022-41275] Open redirect in SAP Solution Manager (Enterprise Search) | 6,1 | 13.12.2022 |
| BI-BIP-SRV | 3239475 | [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform | 9,9 | 13.12.2022 |
| EPM-DSM-GEN | 3266846 | [CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management | 6,5 | 13.12.2022 |
| BC-JAS-WEB | 3262544 | [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) | 6,1 | 13.12.2022 |
| CEC-COM-CPS | 3248255 | [CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 8 | 13.12.2022 |
| BI-RA-WBI | 3249648 | [CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence) | 4,3 | 13.12.2022 |
| CEC-COM-CPS-COR | 3271523 | Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce | 9,8 | 13.12.2022 |
| EPM-BPC-NW | 3271091 | [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | 13.12.2022 |
| BC-DB-HDB-POR | 3268172 | [CVE-2022-41264] Code Injection vulnerability in SAP BASIS | 8,8 | 13.12.2022 |
| SRM-ESO-SEC | 3270399 | [CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management | 4,3 | 13.12.2022 |
| BC-BSP | 2872782 | [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00 | 6,1 | 13.12.2022 |
| CA-MDG-APP-CUS | 3234755 | Information Disclosure vulnerability in Master Data Governance | 4,3 | 13.12.2022 |
| BI-BIP-ADM | 3229132 | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | 13.12.2022 |

*The Common Vulnerability Scoring System (CVSS) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
