SAP Security Notes Summary – June 2022

Traditionally, once a month I publish a review of all SAP Security Notes and news released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 29.06.2022 |
| IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 28.06.2022 |
| BC-JAS-ADM-ADM | 3147498 | Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services | 7,4 | 28.06.2022 |
| BC-ABA-LI | 3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,5 | 28.06.2022 |
| BC-DB-SYB | 3155571 | [CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE) | 3,2 | 28.06.2022 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 14.06.2022 |
| CA-VE-VEV | 3206271 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 6,5 | 14.06.2022 |
| EPM-BFC-PRO | 3158815 | [CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation | 5 | 14.06.2022 |
| BC-CST-STS | 3158619 | [CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database | 4,9 | 14.06.2022 |
| BC-CST-NI | 3158375 | [CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform | 8,6 | 14.06.2022 |
| PY-BR | 3134161 | Missing Authorization check in SAP ERP HCM | 6,5 | 14.06.2022 |
| BC-DWB-JAV-COR | 3202846 | [CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS) | 3,4 | 14.06.2022 |
| BC-CTS-DTR | 3197927 | [CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) | 6,1 | 14.06.2022 |
| BC-SYB-PD | 3197005 | [CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7 | 7,8 | 14.06.2022 |
| BC-CST-STS | 3194674 | [CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent | 5 | 14.06.2022 |
| FI-LOC-FI-IL-AP | 3203065 | [CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program. | 5 | 14.06.2022 |
| FIN-FSCM-PF | 3104349 | Missing authorization check in S/4HANA finance for advanced payment management | 3,3 | 14.06.2022 |
| CEC-MKT-CPG | 3191812 | Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App | 3,7 | 14.06.2022 |
| CEC-MKT-CPG | 3190675 | Unsafe use of target blank in SAP Marketing Campaigns. | 3,7 | 14.06.2022 |

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
