SAP Security Notes Summary – November 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-MID-ICF | 3251202 | [CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 22.11.2022 |
| CA-UI5-VTK-VIT | 3249990 | Multiple Vulnerabilities in SQlite bundled with SAPUI5 | 7,5 | 16.11.2022 |
| CA-FLP-FE-COR | 3218159 | Insufficient Session Expiration in Central Fiori Launchpad | 6,1 | 08.11.2022 |
| CA-VE-VEA | 3263436 | [CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer | 7 | 08.11.2022 |
| BI-RA-WBI-FE | 3243924 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) | 9,9 | 08.11.2022 |
| BC-SYB-SQA | 3229987 | [CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere | 6,5 | 08.11.2022 |
| FIN-FSCM-BD | 3238042 | [CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct | 6,1 | 08.11.2022 |
| BC-FES-GUI | 3237251 | [CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows | 5,5 | 08.11.2022 |
| BC-CTS-TMS | 3256571 | [CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform | 8,7 | 08.11.2022 |
| EPM-BFC-TCL-ADM-SEC | 3260708 | [CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 6,5 | 08.11.2022 |

*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
