SAP Security Notes Summary – January 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| FI-FIO-AP | 3112928 | [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA | 8,6 | 25.01.2022 |
| BC-WD-ABA | 3107196 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP | 4,3 | 25.01.2022 |
| BC-CCM-MON | 3112710 | [CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 25.01.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 18.01.2022 |
| CA-DI-CP | 3130920 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise) | 10 | 18.01.2022 |
| BC-NEO-SVC-IOT | 3132922 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform | 10 | 18.01.2022 |
| IS-SE-CCO | 3133772 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout | 10 | 13.01.2022 |
| KM-WPB-MGR | 3132964 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager | 10 | 11.01.2022 |
| BC-INS-TC-CNT | 3123196 | [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP | 8,4 | 11.01.2022 |
| BC-XI-CON-JWS | 3135581 | Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 6,6 | 11.01.2022 |
| XX-PART-TRI-CLD-ECT | 3134139 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis | 10 | 11.01.2022 |
| BC-XI-CON-JWS | 3133005 | Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 5,3 | 11.01.2022 |
| BC-XI-CON-JWS | 3132204 | Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 8,5 | 11.01.2022 |
| BC-XI-CON-JWS | 3130521 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 9,9 | 11.01.2022 |
| IOT-BSV-HS-MS | 3132058 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability | 10 | 11.01.2022 |
| IOT-BSV-HS-MS | 3136988 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure | 10 | 11.01.2022 |
| MFG-DM-EDGE | 3136094 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing | 10 | 11.01.2022 |
| BC-SEC-ETD | 3124597 | [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection | 6,1 | 11.01.2022 |
| SBO-CRO-SEC | 3106528 | [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One | 6,5 | 11.01.2022 |
| SBO-CRO-SEC | 3101299 | [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One | 6,6 | 11.01.2022 |
| IOT-EDG-OP | 3132909 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition | 10 | 11.01.2022 |
| SBO-CRO-SEC | 3131740 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One | 9,8 | 11.01.2022 |
| GRC-ACP | 3080816 | [CVE-2021-44233] Missing Authorization check in GRC Access Control | 2,4 | 05.01.2022 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.


Copyright © 2024. SAPBasisWorld.com