SAP Security Notes Summary – January 2022

Once a month, I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| FI-FIO-AP | 3112928 | [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA | 8,6 | 25.01.2022 |
| BC-WD-ABA | 3107196 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP | 4,3 | 25.01.2022 |
| BC-CCM-MON | 3112710 | [CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 25.01.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 18.01.2022 |
| CA-DI-CP | 3130920 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise) | 10 | 18.01.2022 |
| BC-NEO-SVC-IOT | 3132922 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform | 10 | 18.01.2022 |
| IS-SE-CCO | 3133772 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout | 10 | 13.01.2022 |
| KM-WPB-MGR | 3132964 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager | 10 | 11.01.2022 |
| BC-INS-TC-CNT | 3123196 | [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP | 8,4 | 11.01.2022 |
| BC-XI-CON-JWS | 3135581 | Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 6,6 | 11.01.2022 |
| XX-PART-TRI-CLD-ECT | 3134139 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis | 10 | 11.01.2022 |
| BC-XI-CON-JWS | 3133005 | Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 5,3 | 11.01.2022 |
| BC-XI-CON-JWS | 3132204 | Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 8,5 | 11.01.2022 |
| BC-XI-CON-JWS | 3130521 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 9,9 | 11.01.2022 |
| IOT-BSV-HS-MS | 3132058 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability | 10 | 11.01.2022 |
| IOT-BSV-HS-MS | 3136988 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure | 10 | 11.01.2022 |
| MFG-DM-EDGE | 3136094 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing | 10 | 11.01.2022 |
| BC-SEC-ETD | 3124597 | [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection | 6,1 | 11.01.2022 |
| SBO-CRO-SEC | 3106528 | [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One | 6,5 | 11.01.2022 |
| SBO-CRO-SEC | 3101299 | [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One | 6,6 | 11.01.2022 |
| IOT-EDG-OP | 3132909 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition | 10 | 11.01.2022 |
| SBO-CRO-SEC | 3131740 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One | 9,8 | 11.01.2022 |
| GRC-ACP | 3080816 | [CVE-2021-44233] Missing Authorization check in GRC Access Control | 2,4 | 05.01.2022 |

source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2023. SAPBasisWorld.com