SAP Security Notes Summary – July 2022
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS) | 8,1 | 26.07.2022 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 26.07.2022 |
BC-VCM-LVM | 3213141 | Information Disclosure in SAP Landscape Management | 7,3 | 26.07.2022 |
BC-MID-RFC | 2245130 | Potential bypass of unified connectivity runtime checks possible in BC-MID-RFC | 6,3 | 15.07.2022 |
CA-VE-VEV | 3220746 | [CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 3,3 | 12.07.2022 |
FI-FIO-AP | 3216161 | [CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA | 4,3 | 12.07.2022 |
FI-LOC-FI-ES | 3213826 | [CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia) | 5,4 | 12.07.2022 |
SBO-CRO-SEC | 3212997 | [CVE-2022-32249] Information Disclosure vulnerability in SAP Business One | 7,6 | 12.07.2022 |
EP-PIN-WPC | 3211760 | [CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC | 6,1 | 12.07.2022 |
SBO-CRO-SEC | 3211203 | [CVE-2022-35168] Denial of Service vulnerability in SAP Business One | 4,3 | 12.07.2022 |
EP-PIN-GPA | 3210779 | [CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal | 6,1 | 12.07.2022 |
EP-PIN-TOL | 3209557 | [CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
EP-PIN-PRT | 3208880 | [CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
EP-PIN-AI | 3208819 | [CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
EP-PIN-URL | 3207902 | [CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 12.07.2022 |
SBO-CRO-SEC | 3157613 | [CVE-2022-28771] Missing Authentication check in SAP Business One (License service API) | 7,5 | 12.07.2022 |
IS-DFS-MM | 3196280 | [CVE-2022-31592] Missing Authorization check in EA-DFPS | 4,3 | 12.07.2022 |
SBO-CRO-SEC | 3191012 | [CVE-2022-31593] Code Injection vulnerability in SAP Business One | 7,4 | 12.07.2022 |
BI-BIP-ADM | 3169239 | [CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x | 6,5 | 12.07.2022 |
BI-BIP-IK-PAR-SAP | 3167430 | [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service) | 5,6 | 12.07.2022 |
BI-BIP-CMC | 3221288 | [CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 8,3 | 12.07.2022 |
BI-BIP-CMC | 3213279 | [CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects | 5,4 | 12.07.2022 |
BI-BIP-VD | 3203079 | [CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) | 5,4 | 12.07.2022 |
BI-BIP-SRV | 3194361 | [CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM) | 6 | 12.07.2022 |
BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 12.07.2022 |
BC-MID-RFC | 3150463 | Information Disclosure vulnerability in ABAP Platform | 4,9 | 12.07.2022 |
*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.