SAP Security Notes Summary – February 2022

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 22.02.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 08.02.2022 |
| XX-PART-NXL | 3139893 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management | 10 | 08.02.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 08.02.2022 |
| CA-VE-VEV | 3134684 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 08.02.2022 |
| BC-MID-RFC | 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 08.02.2022 |
| BI-RA-WBI-FE-HTM | 3126748 | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) | 5,4 | 08.02.2022 |
| PY-PT | 3126489 | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM | 6,5 | 08.02.2022 |
| BC-CCM-PRN-PC | 3124994 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 4,7 | 08.02.2022 |
| BC-CST-IC | 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | 10 | 08.02.2022 |
| BC-CST-IC | 3123427 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java | 8,1 | 08.02.2022 |
| FI-CAX-FS | 2531036 | Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS) | 6,3 | 08.02.2022 |
| BC-CST | 3116223 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | 3,7 | 08.02.2022 |
| CEC-COM-CPS-WEB | 3142773 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce | 10 | 08.02.2022 |
| SV-SMG-DIA | 3140940 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools | 9,1 | 08.02.2022 |
| WP-WSR | 3140587 | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server) | 7,1 | 08.02.2022 |
| BC-SYB-ASE | 3140564 | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise | 5,6 | 08.02.2022 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2023. SAPBasisWorld.com