SAP Security Notes Summary – March 2022

As usual, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| PLM-INM | 3165856 | [CVE-2022-27658] Missing authorization check in SAP Innovation Management | 4,3 | 28.03.2022 |
| LO-MD-BP | 3142092 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) | 6,5 | 22.03.2022 |
| BC-CST-IC | 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | 10 | 22.03.2022 |
| BC-CST-IC | 3123427 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java | 8,1 | 22.03.2022 |
| BC-CST-WDP | 3080567 | [CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher | 8,9 | 22.03.2022 |
| BC-CST | 3116223 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | 3,7 | 22.03.2022 |
| FIN-FSCM-PF | 3104349 | Missing authorization check in S/4HANA finance for advanced payment management | 3,3 | 22.03.2022 |
| CA-FLP-FE-COR | 3149805 | [CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad | 8,2 | 22.03.2022 |
| FI-LOC-SRF-RUN | 2784596 | Cross-Site Request Forgery (CSRF) vulnerability in Run Compliance Report | 4,2 | 08.03.2022 |
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 08.03.2022 |
| EP-PIN-RTM | 3132360 | [CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver (Real Time Messaging Framework) | 3,7 | 08.03.2022 |
| BC-INS-TLS | 3111110 | [CVE-2022-26100] Denial of service (DOS) in SAPCAR | 4,8 | 08.03.2022 |
| BI-BIP-SL-ENG-OLA | 3103424 | [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform | 5 | 08.03.2022 |
| MOB-SYC-SAP-WM | 3154684 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager | 10 | 08.03.2022 |
| SV-FRN-APP-RUM | 3147283 | [CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) | 5,4 | 08.03.2022 |
| SV-FRN-INF-SDA | 3147102 | [CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | 5,3 | 08.03.2022 |
| EP-PIN-NAV | 3146261 | [CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 08.03.2022 |
| BC-ABA-SC | 3145997 | [CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP | 5,4 | 08.03.2022 |
| SV-FRN-INF-SDA | 3145987 | [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) | 9,3 | 08.03.2022 |
| EPM-BFC-PSI-INS | 3144941 | [CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation | 5,4 | 08.03.2022 |
| BC-JAS-WEB | 1753378 | Directory traversal in Web Container | 5,3 | 08.03.2022 |
| EP-PIN-NAV | 3146260 | [CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 6,1 | 08.03.2022 |

source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
