Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| XX-SER-SN | 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | 9,8 | 10.05.2022 |
| BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 10.05.2022 |
| FI-FIO-AP | 2756188 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end | 6,3 | 10.05.2022 |
| FI-FIO-AP | 2754555 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end | 6,3 | 10.05.2022 |
| BC-ABA-LI | 3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,5 | 10.05.2022 |
| PA-FIO-LEA | 3164677 | [CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request) | 6,5 | 10.05.2022 |
| BC-CCM-HAG | 3158188 | [CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile | 5,3 | 10.05.2022 |
| SBO-CRO-SEC | 3189409 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud | 9,8 | 10.05.2022 |
| CA-UI2-THD | 3146336 | [CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 10.05.2022 |
| BC-CST-MS | 3145702 | [CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform | 5,3 | 10.05.2022 |
| BC-CST-WDP | 3145046 | [CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Web Dispatcher and SAP NetWeaver AS for ABAP and Java (ICM) | 8,3 | 10.05.2022 |
| CA-UI5-FL-LRP | 3143161 | Missing Authorization check for UI5 flexibility key user functionality | 4,3 | 10.05.2022 |
| BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 10.05.2022 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.