SAP Security Notes Summary – May 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| XX-SER-SN | 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | 9,8 | 10.05.2022 |
| BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 10.05.2022 |
| FI-FIO-AP | 2756188 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end | 6,3 | 10.05.2022 |
| FI-FIO-AP | 2754555 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end | 6,3 | 10.05.2022 |
| BC-ABA-LI | 3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,5 | 10.05.2022 |
| PA-FIO-LEA | 3164677 | [CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request) | 6,5 | 10.05.2022 |
| BC-CCM-HAG | 3158188 | [CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile | 5,3 | 10.05.2022 |
| SBO-CRO-SEC | 3189409 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud | 9,8 | 10.05.2022 |
| CA-UI2-THD | 3146336 | [CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 10.05.2022 |
| BC-CST-MS | 3145702 | [CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform | 5,3 | 10.05.2022 |
| BC-CST-WDP | 3145046 | [CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM) | 8,3 | 10.05.2022 |
| CA-UI5-FL-LRP | 3143161 | Missing Authorization check for UI5 flexibility key user functionality | 4,3 | 10.05.2022 |
| BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 10.05.2022 |

source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
