SAP Security Notes Summary – March 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| PLM-INM | 3165856 | [CVE-2022-27658] Missing authorization check in SAP Innovation Management | 4,3 | 28.03.2022 |
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 22.03.2022 |
| BC-CST-IC | 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | 10 | 22.03.2022 |
| BC-CST-IC | 3123427 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java | 8,1 | 22.03.2022 |
| BC-CST-WDP | 3080567 | [CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher | 8,9 | 22.03.2022 |
| BC-CST | 3116223 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | 3,7 | 22.03.2022 |
| FIN-FSCM-PF | 3104349 | Missing authorization check in S/4HANA finance for advanced payment management | 3,3 | 22.03.2022 |
| CA-FLP-FE-COR | 3149805 | [CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad | 8,2 | 22.03.2022 |
| FI-LOC-SRF-RUN | 2784596 | Cross-Site Request Forgery (CSRF) vulnerability in Run Compliance Report | 4,2 | 08.03.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 08.03.2022 |
| EP-PIN-RTM | 3132360 | [CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver (Real Time Messaging Framework) | 3,7 | 08.03.2022 |
| BC-INS-TLS | 3111110 | [CVE-2022-26100] Denial of service (DOS) in SAPCAR | 4,8 | 08.03.2022 |
| BI-BIP-SL-ENG-OLA | 3103424 | [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform | 5 | 08.03.2022 |
| MOB-SYC-SAP-WM | 3154684 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager | 10 | 08.03.2022 |
| SV-FRN-APP-RUM | 3147283 | [CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) | 5,4 | 08.03.2022 |
| SV-FRN-INF-SDA | 3147102 | [CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | 5,3 | 08.03.2022 |
| EP-PIN-NAV | 3146261 | [CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 08.03.2022 |
| BC-ABA-SC | 3145997 | [CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP | 5,4 | 08.03.2022 |
| SV-FRN-INF-SDA | 3145987 | [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) | 9,3 | 08.03.2022 |
| EPM-BFC-PSI-INS | 3144941 | [CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation | 5,4 | 08.03.2022 |
| BC-JAS-WEB | 1753378 | Directory traversal in Web Container | 5,3 | 08.03.2022 |
| EP-PIN-NAV | 3146260 | [CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 08.03.2022 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
