SAP Security Notes Summary – October 2022

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 25.10.2022 |
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS) | 8,1 | 25.10.2022 |
| CEC-COM-CPS | 3202523 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 6,1 | 14.10.2022 |
| CEC-COM-CPS | 3239152 | [CVE-2022-41204] Account hijacking through URL Redirection vulnerability in SAP Commerce login form | 9,6 | 14.10.2022 |
| IS-A | 2495712 | Missing authorization check in SAP Automotive Solutions | 6,5 | 11.10.2022 |
| BI-BIP-ADM | 3239293 | [CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder) | 7,7 | 11.10.2022 |
| BI-RA-AWB | 3229425 | [CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP | 5,4 | 11.10.2022 |
| BI-BIP-ADM | 3229132 | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | 11.10.2022 |
| BI-BIP-INV | 3211161 | [CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) | 6,1 | 11.10.2022 |
| CEC-PRO-GIY | 3248970 | [CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
| CEC-PRO-GIY | 3248384 | [CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
| CA-VE-VEA | 3245929 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author | 7 | 11.10.2022 |
| CA-VE-VEV | 3245928 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer | 7 | 11.10.2022 |
| MFG-ME | 3242933 | [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution | 9,9 | 11.10.2022 |
| KM-SEN-MGR | 3049899 | [CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now | 6,5 | 11.10.2022 |
| EIM-DS-SVR | 3167342 | [CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console | 4,8 | 11.10.2022 |
| CA-MDG-APP-CUS | 3234755 | Information Disclosure vulnerability in Master Data Governance | 4,3 | 11.10.2022 |
| BI-BIP-LCM | 3233226 | [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) | 6,8 | 11.10.2022 |
| BC-SYB-SQA | 3232021 | [CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ | 8,1 | 11.10.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 04.10.2022 |

source: www.sap.com

*The CVSS (Common Vulnerability Scoring System) score captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.


Copyright © 2024. SAPBasisWorld.com Privacy Policy