SAP Security Notes Summary – July 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS) | 8,1 | 26.07.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 26.07.2022 |
| BC-VCM-LVM | 3213141 | Information Disclosure in SAP Landscape Management | 7,3 | 26.07.2022 |
| BC-MID-RFC | 2245130 | Potential bypass of unified connectivity runtime checks possible in BC-MID-RFC | 6,3 | 15.07.2022 |
| CA-VE-VEV | 3220746 | [CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 3,3 | 12.07.2022 |
| FI-FIO-AP | 3216161 | [CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA | 4,3 | 12.07.2022 |
| FI-LOC-FI-ES | 3213826 | [CVE-2022-31597] Missing Authorization check in SAP S/4HANA (business partner extension for Spain/Slovakia) | 5,4 | 12.07.2022 |
| SBO-CRO-SEC | 3212997 | [CVE-2022-32249] Information Disclosure vulnerability in SAP Business One | 7,6 | 12.07.2022 |
| EP-PIN-WPC | 3211760 | [CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC | 6,1 | 12.07.2022 |
| SBO-CRO-SEC | 3211203 | [CVE-2022-35168] Denial of Service vulnerability in SAP Business One | 4,3 | 12.07.2022 |
| EP-PIN-GPA | 3210779 | [CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-TOL | 3209557 | [CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-PRT | 3208880 | [CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-AI | 3208819 | [CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-URL | 3207902 | [CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| SBO-CRO-SEC | 3157613 | [CVE-2022-28771] Missing Authentication check in SAP Business One (License service API) | 7,5 | 12.07.2022 |
| IS-DFS-MM | 3196280 | [CVE-2022-31592] Missing Authorization check in EA-DFPS | 4,3 | 12.07.2022 |
| SBO-CRO-SEC | 3191012 | [CVE-2022-31593] Code Injection vulnerability in SAP Business One | 7,4 | 12.07.2022 |
| BI-BIP-ADM | 3169239 | [CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x | 6,5 | 12.07.2022 |
| BI-BIP-IK-PAR-SAP | 3167430 | [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service) | 5,6 | 12.07.2022 |
| BI-BIP-CMC | 3221288 | [CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 8,3 | 12.07.2022 |
| BI-BIP-CMC | 3213279 | [CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects | 5,4 | 12.07.2022 |
| BI-BIP-VD | 3203079 | [CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) | 5,4 | 12.07.2022 |
| BI-BIP-SRV | 3194361 | [CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM) | 6 | 12.07.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 12.07.2022 |
| BC-MID-RFC | 3150463 | Information Disclosure vulnerability in ABAP Platform | 4,9 | 12.07.2022 |

source: www.sap.com

*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2023. SAPBasisWorld.com