SAP Security Notes Summary – January 2023

Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP ComponentNumberTitleCVSS ScoreReleased On
BC-DB-HDB-POR3268172[CVE-2022-41264] Code Injection vulnerability in SAP BASIS8,824.01.2023
BC-ABA-LA3283283[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform6,124.01.2023
BI-RA-AWB3262810[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)9,910.01.2023
FIN-FSCM-CLM-BAM3150704[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)4,510.01.2023
BC-MID-CON-JCO3268093[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java9,410.01.2023
BI-RA-CR3266006[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)5,410.01.2023
BC-MID-RFC3089413[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform910.01.2023
EPM-BPC-MS3275391[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS9,910.01.2023
BI-RA-WBI-FE3251447[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)4,610.01.2023
BC-CCM-HAG3276120[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)6,410.01.2023
BI-RA-WBI-FE3243924[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)9,910.01.2023
source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Copyright © 2024. SAPBasisWorld.com Privacy Policy