SAP Security Notes Summary – July 2022

Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS) | 8,1 | 26.07.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 26.07.2022 |
| BC-VCM-LVM | 3213141 | Information Disclosure in SAP Landscape Management | 7,3 | 26.07.2022 |
| BC-MID-RFC | 2245130 | Potential bypass of unified connectivity runtime checks possible in BC-MID-RFC | 6,3 | 15.07.2022 |
| CA-VE-VEV | 3220746 | [CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 3,3 | 12.07.2022 |
| FI-FIO-AP | 3216161 | [CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA | 4,3 | 12.07.2022 |
| FI-LOC-FI-ES | 3213826 | [CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia) | 5,4 | 12.07.2022 |
| SBO-CRO-SEC | 3212997 | [CVE-2022-32249] Information Disclosure vulnerability in SAP Business One | 7,6 | 12.07.2022 |
| EP-PIN-WPC | 3211760 | [CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC | 6,1 | 12.07.2022 |
| SBO-CRO-SEC | 3211203 | [CVE-2022-35168] Denial of Service vulnerability in SAP Business One | 4,3 | 12.07.2022 |
| EP-PIN-GPA | 3210779 | [CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-TOL | 3209557 | [CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-PRT | 3208880 | [CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-AI | 3208819 | [CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| EP-PIN-URL | 3207902 | [CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
| SBO-CRO-SEC | 3157613 | [CVE-2022-28771] Missing Authentication check in SAP Business One (License service API) | 7,5 | 12.07.2022 |
| IS-DFS-MM | 3196280 | [CVE-2022-31592] Missing Authorization check in EA-DFPS | 4,3 | 12.07.2022 |
| SBO-CRO-SEC | 3191012 | [CVE-2022-31593] Code Injection vulnerability in SAP Business One | 7,4 | 12.07.2022 |
| BI-BIP-ADM | 3169239 | [CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x | 6,5 | 12.07.2022 |
| BI-BIP-IK-PAR-SAP | 3167430 | [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service) | 5,6 | 12.07.2022 |
| BI-BIP-CMC | 3221288 | [CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 8,3 | 12.07.2022 |
| BI-BIP-CMC | 3213279 | [CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects | 5,4 | 12.07.2022 |
| BI-BIP-VD | 3203079 | [CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) | 5,4 | 12.07.2022 |
| BI-BIP-SRV | 3194361 | [CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM) | 6 | 12.07.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 12.07.2022 |
| BC-MID-RFC | 3150463 | Information Disclosure vulnerability in ABAP Platform | 4,9 | 12.07.2022 |

source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2024. SAPBasisWorld.com