SAP Security Notes Summary – October 2022
Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 25.10.2022 |
LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS) | 8,1 | 25.10.2022 |
CEC-COM-CPS | 3202523 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 6,1 | 14.10.2022 |
CEC-COM-CPS | 3239152 | [CVE-2022-41204] Account hijacking through URL Redirection vulnerability in SAP Commerce login form | 9,6 | 14.10.2022 |
IS-A | 2495712 | Missing authorization check in SAP Automotive Solutions | 6,5 | 11.10.2022 |
BI-BIP-ADM | 3239293 | [CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder) | 7,7 | 11.10.2022 |
BI-RA-AWB | 3229425 | [CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP | 5,4 | 11.10.2022 |
BI-BIP-ADM | 3229132 | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | 11.10.2022 |
BI-BIP-INV | 3211161 | [CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) | 6,1 | 11.10.2022 |
CEC-PRO-GIY | 3248970 | [CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
CEC-PRO-GIY | 3248384 | [CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) | 4,9 | 11.10.2022 |
CA-VE-VEA | 3245929 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author | 7 | 11.10.2022 |
CA-VE-VEV | 3245928 | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer | 7 | 11.10.2022 |
MFG-ME | 3242933 | [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution | 9,9 | 11.10.2022 |
KM-SEN-MGR | 3049899 | [CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now | 6,5 | 11.10.2022 |
EIM-DS-SVR | 3167342 | [CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console | 4,8 | 11.10.2022 |
CA-MDG-APP-CUS | 3234755 | Information Disclosure vulnerability in Master Data Governance | 4,3 | 11.10.2022 |
BI-BIP-LCM | 3233226 | [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) | 6,8 | 11.10.2022 |
BC-SYB-SQA | 3232021 | [CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ | 8,1 | 11.10.2022 |
BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 04.10.2022 |
*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.