SAP Security Notes Summary – December 2022

As is tradition, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-CON-MSG | 3267780 | [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System) | 9,4 | 23.12.2022 |
| BC-XI-CON-UDS | 3273480 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search) | 9,9 | 23.12.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.12.2022 |
| SV-SMG-DIA-SRV-AGT | 3265173 | [CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent) | 6 | 13.12.2022 |
| BC-BSP | 3258950 | Update 1 to Security Note 2872782 – [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application) | 6,1 | 13.12.2022 |
| BC-EIM-ESH | 3271313 | [CVE-2022-41275] Open redirect in SAP Solution Manager (Enterprise Search) | 6,1 | 13.12.2022 |
| BI-BIP-SRV | 3239475 | [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform | 9,9 | 13.12.2022 |
| EPM-DSM-GEN | 3266846 | [CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management | 6,5 | 13.12.2022 |
| BC-JAS-WEB | 3262544 | [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) | 6,1 | 13.12.2022 |
| CEC-COM-CPS | 3248255 | [CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 8 | 13.12.2022 |
| BI-RA-WBI | 3249648 | [CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence) | 4,3 | 13.12.2022 |
| CEC-COM-CPS-COR | 3271523 | Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce | 9,8 | 13.12.2022 |
| EPM-BPC-NW | 3271091 | [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | 13.12.2022 |
| BC-DB-HDB-POR | 3268172 | [CVE-2022-41264] Code Injection vulnerability in SAP BASIS | 8,8 | 13.12.2022 |
| SRM-ESO-SEC | 3270399 | [CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management | 4,3 | 13.12.2022 |
| BC-BSP | 2872782 | [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00 | 6,1 | 13.12.2022 |
| CA-MDG-APP-CUS | 3234755 | Information Disclosure vulnerability in Master Data Governance | 4,3 | 13.12.2022 |
| BI-BIP-ADM | 3229132 | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | 13.12.2022 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2023. SAPBasisWorld.com