SAP Security Notes Summary – January 2023

Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP ComponentNumberTitleCVSS ScoreReleased On
BC-DB-HDB-POR3268172[CVE-2022-41264] Code Injection vulnerability in SAP BASIS8,824.01.2023
BC-ABA-LA3283283[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform6,124.01.2023
BI-RA-AWB3262810[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)9,910.01.2023
FIN-FSCM-CLM-BAM3150704[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)4,510.01.2023
BC-MID-CON-JCO3268093[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java9,410.01.2023
BI-RA-CR3266006[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)5,410.01.2023
BC-MID-RFC3089413[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform910.01.2023
EPM-BPC-MS3275391[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS9,910.01.2023
BI-RA-WBI-FE3251447[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)4,610.01.2023
BC-CCM-HAG3276120[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)6,410.01.2023
BI-RA-WBI-FE3243924[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)9,910.01.2023
source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes

Copyright © 2023. SAPBasisWorld.com Privacy Policy