SAP Security Notes Summary – May 2022

Traditionally once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP ComponentNumberTitleCVSS Score Released On
XX-SER-SN3170990[CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework9,810.05.2022
BI-BIP-INS2998510[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update7,810.05.2022
FI-FIO-AP2756188Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end6,310.05.2022
FI-FIO-AP2754555Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end6,310.05.2022
BC-ABA-LI3165801[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform6,510.05.2022
PA-FIO-LEA3164677[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)6,510.05.2022
BC-CCM-HAG3158188[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile5,310.05.2022
SBO-CRO-SEC3189409[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud9,810.05.2022
CA-UI2-THD3146336[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP5,410.05.2022
BC-CST-MS3145702[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform5,310.05.2022
BC-CST-WDP3145046[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)8,310.05.2022
CA-UI5-FL-LRP3143161Missing Authorization check for UI5 flexibility key user functionality4,310.05.2022
BC-MID-ICF3165333[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform4,710.05.2022
source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Copyright © 2024. SAPBasisWorld.com Privacy Policy