SAP Security Notes Summary – June 2022

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 29.06.2022 |
| IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 28.06.2022 |
| BC-JAS-ADM-ADM | 3147498 | Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services | 7,4 | 28.06.2022 |
| BC-ABA-LI | 3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,5 | 28.06.2022 |
| BC-DB-SYB | 3155571 | [CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE) | 3,2 | 28.06.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 14.06.2022 |
| CA-VE-VEV | 3206271 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 6,5 | 14.06.2022 |
| EPM-BFC-PRO | 3158815 | [CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation | 5 | 14.06.2022 |
| BC-CST-STS | 3158619 | [CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database | 4,9 | 14.06.2022 |
| BC-CST-NI | 3158375 | [CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform | 8,6 | 14.06.2022 |
| PY-BR | 3134161 | Missing Authorization check in SAP ERP HCM | 6,5 | 14.06.2022 |
| BC-DWB-JAV-COR | 3202846 | [CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS) | 3,4 | 14.06.2022 |
| BC-CTS-DTR | 3197927 | [CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) | 6,1 | 14.06.2022 |
| BC-SYB-PD | 3197005 | [CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7 | 7,8 | 14.06.2022 |
| BC-CST-STS | 3194674 | [CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent | 5 | 14.06.2022 |
| FI-LOC-FI-IL-AP | 3203065 | [CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program. | 5 | 14.06.2022 |
| FIN-FSCM-PF | 3104349 | Missing authorization check in S/4HANA finance for advanced payment management | 3,3 | 14.06.2022 |
| CEC-MKT-CPG | 3191812 | Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App | 3,7 | 14.06.2022 |
| CEC-MKT-CPG | 3190675 | Unsafe use of target blank in SAP Marketing Campaigns. | 3,7 | 14.06.2022 |

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
