SAP Security Notes Summary – February 2022
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 22.02.2022 |
XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 08.02.2022 |
XX-PART-NXL | 3139893 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management | 10 | 08.02.2022 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 08.02.2022 |
CA-VE-VEV | 3134684 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 08.02.2022 |
BC-MID-RFC | 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 08.02.2022 |
BI-RA-WBI-FE-HTM | 3126748 | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) | 5,4 | 08.02.2022 |
PY-PT | 3126489 | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM | 6,5 | 08.02.2022 |
BC-CCM-PRN-PC | 3124994 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 4,7 | 08.02.2022 |
BC-CST-IC | 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | 10 | 08.02.2022 |
BC-CST-IC | 3123427 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java | 8,1 | 08.02.2022 |
FI-CAX-FS | 2531036 | Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS) | 6,3 | 08.02.2022 |
BC-CST | 3116223 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | 3,7 | 08.02.2022 |
CEC-COM-CPS-WEB | 3142773 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce | 10 | 08.02.2022 |
SV-SMG-DIA | 3140940 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools | 9,1 | 08.02.2022 |
WP-WSR | 3140587 | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server) | 7,1 | 08.02.2022 |
BC-SYB-ASE | 3140564 | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise | 5,6 | 08.02.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.