SAP Security Notes Summary – October 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 25.10.2022 |
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS) | 8,1 | 25.10.2022 |
| CEC-COM-CPS | 3202523 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 6,1 | 14.10.2022 |
| CEC-COM-CPS | 3239152 | [CVE-2022-41204] Account hijacking through URL Redirection vulnerability in SAP Commerce login form | 9,6 | 14.10.2022 |
| IS-A | 2495712 | Missing authorization check in SAP Automotive Solutions | 6,5 | 11.10.2022 |
| BI-BIP-ADM | 3239293 | [CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools/ Query Builder) | 7,7 | 11.10.2022 |
| BI-RA-AWB | 3229425 | [CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP | 5,4 | 11.10.2022 |
| BI-BIP-ADM | 3229132 | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | 11.10.2022 |
| BI-BIP-INV | 3211161 | [CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) | 6,1 | 11.10.2022 |
| CEC-PRO-GIY | 3248970 | [CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
| CEC-PRO-GIY | 3248384 | [CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
| CA-VE-VEA | 3245929 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author | 7 | 11.10.2022 |
| CA-VE-VEV | 3245928 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer | 7 | 11.10.2022 |
| MFG-ME | 3242933 | [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution | 9,9 | 11.10.2022 |
| KM-SEN-MGR | 3049899 | [CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now | 6,5 | 11.10.2022 |
| EIM-DS-SVR | 3167342 | [CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console | 4,8 | 11.10.2022 |
| CA-MDG-APP-CUS | 3234755 | Information Disclosure vulnerability in Master Data Governance | 4,3 | 11.10.2022 |
| BI-BIP-LCM | 3233226 | [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) | 6,8 | 11.10.2022 |
| BC-SYB-SQA | 3232021 | [CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ | 8,1 | 11.10.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 04.10.2022 |
source: www.sap.com

*The CVSS score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
