SAP Security Notes Summary – May 2022
Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
XX-SER-SN | 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | 9,8 | 10.05.2022 |
BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 10.05.2022 |
FI-FIO-AP | 2756188 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end | 6,3 | 10.05.2022 |
FI-FIO-AP | 2754555 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end | 6,3 | 10.05.2022 |
BC-ABA-LI | 3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 6,5 | 10.05.2022 |
PA-FIO-LEA | 3164677 | [CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request) | 6,5 | 10.05.2022 |
BC-CCM-HAG | 3158188 | [CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile | 5,3 | 10.05.2022 |
SBO-CRO-SEC | 3189409 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud | 9,8 | 10.05.2022 |
CA-UI2-THD | 3146336 | [CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 10.05.2022 |
BC-CST-MS | 3145702 | [CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform | 5,3 | 10.05.2022 |
BC-CST-WDP | 3145046 | [CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM) | 8,3 | 10.05.2022 |
CA-UI5-FL-LRP | 3143161 | Missing Authorization check for UI5 flexibility key user functionality | 4,3 | 10.05.2022 |
BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 10.05.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.