SAP Security Notes Summary – January 2023
Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-DB-HDB-POR | 3268172 | [CVE-2022-41264] Code Injection vulnerability in SAP BASIS | 8,8 | 24.01.2023 |
| BC-ABA-LA | 3283283 | [CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 6,1 | 24.01.2023 |
| BI-RA-AWB | 3262810 | [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) | 9,9 | 10.01.2023 |
| FIN-FSCM-CLM-BAM | 3150704 | [CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks) | 4,5 | 10.01.2023 |
| BC-MID-CON-JCO | 3268093 | [CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java | 9,4 | 10.01.2023 |
| BI-RA-CR | 3266006 | [CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 5,4 | 10.01.2023 |
| BC-MID-RFC | 3089413 | [CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 9 | 10.01.2023 |
| EPM-BPC-MS | 3275391 | [CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS | 9,9 | 10.01.2023 |
| BI-RA-WBI-FE | 3251447 | [CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) | 4,6 | 10.01.2023 |
| BC-CCM-HAG | 3276120 | [CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows) | 6,4 | 10.01.2023 |
| BI-RA-WBI-FE | 3243924 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | 9,9 | 10.01.2023 |
*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes