SAP Security Notes Summary – November 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-MID-ICF | 3251202 | [CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 22.11.2022 |
| CA-UI5-VTK-VIT | 3249990 | Multiple Vulnerabilities in SQlite bundled with SAPUI5 | 7,5 | 16.11.2022 |
| CA-FLP-FE-COR | 3218159 | Insufficient Session Expiration in Central Fiori Launchpad | 6,1 | 08.11.2022 |
| CA-VE-VEA | 3263436 | [CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer | 7 | 08.11.2022 |
| BI-RA-WBI-FE | 3243924 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | 9,9 | 08.11.2022 |
| BC-SYB-SQA | 3229987 | [CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere | 6,5 | 08.11.2022 |
| FIN-FSCM-BD | 3238042 | [CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct | 6,1 | 08.11.2022 |
| BC-FES-GUI | 3237251 | [CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows | 5,5 | 08.11.2022 |
| BC-CTS-TMS | 3256571 | [CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform | 8,7 | 08.11.2022 |
| EPM-BFC-TCL-ADM-SEC | 3260708 | [CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 6,5 | 08.11.2022 |

*The Common Vulnerability Scoring System (CVSS) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
