Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-MID-ICF | 3251202 | [CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 22.11.2022 |
| CA-UI5-VTK-VIT | 3249990 | Multiple Vulnerabilities in SQlite bundled with SAPUI5 | 7,5 | 16.11.2022 |
| CA-FLP-FE-COR | 3218159 | Insufficient Session Expiration in Central Fiori Launchpad | 6,1 | 08.11.2022 |
| CA-VE-VEA | 3263436 | [CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer | 7 | 08.11.2022 |
| BI-RA-WBI-FE | 3243924 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | 9,9 | 08.11.2022 |
| BC-SYB-SQA | 3229987 | [CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere | 6,5 | 08.11.2022 |
| FIN-FSCM-BD | 3238042 | [CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct | 6,1 | 08.11.2022 |
| BC-FES-GUI | 3237251 | [CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows | 5,5 | 08.11.2022 |
| BC-CTS-TMS | 3256571 | [CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform | 8,7 | 08.11.2022 |
| EPM-BFC-TCL-ADM-SEC | 3260708 | [CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 6,5 | 08.11.2022 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.