SAP Security Notes Summary – February 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 22.02.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 08.02.2022 |
| XX-PART-NXL | 3139893 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management | 10 | 08.02.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 08.02.2022 |
| CA-VE-VEV | 3134684 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 08.02.2022 |
| BC-MID-RFC | 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 08.02.2022 |
| BI-RA-WBI-FE-HTM | 3126748 | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) | 5,4 | 08.02.2022 |
| PY-PT | 3126489 | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM | 6,5 | 08.02.2022 |
| BC-CCM-PRN-PC | 3124994 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver | 4,7 | 08.02.2022 |
| BC-CST-IC | 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | 10 | 08.02.2022 |
| BC-CST-IC | 3123427 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java | 8,1 | 08.02.2022 |
| FI-CAX-FS | 2531036 | Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS) | 6,3 | 08.02.2022 |
| BC-CST | 3116223 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | 3,7 | 08.02.2022 |
| CEC-COM-CPS-WEB | 3142773 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce | 10 | 08.02.2022 |
| SV-SMG-DIA | 3140940 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools | 9,1 | 08.02.2022 |
| WP-WSR | 3140587 | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server) | 7,1 | 08.02.2022 |
| BC-SYB-ASE | 3140564 | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise | 5,6 | 08.02.2022 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
