SAP Security Notes Summary – November 2022
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score* | Released On |
---|---|---|---|---|
BC-MID-ICF | 3251202 | [CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 22.11.2022 |
CA-UI5-VTK-VIT | 3249990 | Multiple Vulnerabilities in SQlite bundled with SAPUI5 | 7,5 | 16.11.2022 |
CA-FLP-FE-COR | 3218159 | Insufficient Session Expiration in Central Fiori Launchpad | 6,1 | 08.11.2022 |
CA-VE-VEA | 3263436 | [CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer | 7 | 08.11.2022 |
BI-RA-WBI-FE | 3243924 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | 9,9 | 08.11.2022 |
BC-SYB-SQA | 3229987 | [CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere | 6,5 | 08.11.2022 |
FIN-FSCM-BD | 3238042 | [CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct | 6,1 | 08.11.2022 |
BC-FES-GUI | 3237251 | [CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows | 5,5 | 08.11.2022 |
BC-CTS-TMS | 3256571 | [CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform | 8,7 | 08.11.2022 |
EPM-BFC-TCL-ADM-SEC | 3260708 | [CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 6,5 | 08.11.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.