SAP Security Notes Summary – January 2022
Traditionally, once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
FI-FIO-AP | 3112928 | [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA | 8,6 | 25.01.2022 |
BC-WD-ABA | 3107196 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP | 4,3 | 25.01.2022 |
BC-CCM-MON | 3112710 | [CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,3 | 25.01.2022 |
XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 18.01.2022 |
CA-DI-CP | 3130920 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise) | 10 | 18.01.2022 |
BC-NEO-SVC-IOT | 3132922 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform | 10 | 18.01.2022 |
IS-SE-CCO | 3133772 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout | 10 | 13.01.2022 |
KM-WPB-MGR | 3132964 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager | 10 | 11.01.2022 |
BC-INS-TC-CNT | 3123196 | [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP | 8,4 | 11.01.2022 |
BC-XI-CON-JWS | 3135581 | Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 6,6 | 11.01.2022 |
XX-PART-TRI-CLD-ECT | 3134139 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis | 10 | 11.01.2022 |
BC-XI-CON-JWS | 3133005 | Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 5,3 | 11.01.2022 |
BC-XI-CON-JWS | 3132204 | Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 8,5 | 11.01.2022 |
BC-XI-CON-JWS | 3130521 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 9,9 | 11.01.2022 |
IOT-BSV-HS-MS | 3132058 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability | 10 | 11.01.2022 |
IOT-BSV-HS-MS | 3136988 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure | 10 | 11.01.2022 |
MFG-DM-EDGE | 3136094 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing | 10 | 11.01.2022 |
BC-SEC-ETD | 3124597 | [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection | 6,1 | 11.01.2022 |
SBO-CRO-SEC | 3106528 | [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One | 6,5 | 11.01.2022 |
SBO-CRO-SEC | 3101299 | [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One | 6,6 | 11.01.2022 |
IOT-EDG-OP | 3132909 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition | 10 | 11.01.2022 |
SBO-CRO-SEC | 3131740 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One | 9,8 | 11.01.2022 |
GRC-ACP | 3080816 | [CVE-2021-44233] Missing Authorization check in GRC Access Control | 2,4 | 05.01.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.