SAP Security Notes Summary – September 2022
Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 27.09.2022 |
IS-A-VMS | 2460948 | Missing Authorization Check in Vehicle Management System | 5,3 | 27.09.2022 |
BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 27.09.2022 |
QM-QN | 2634023 | Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN | 6,3 | 27.09.2022 |
BI-BIP-CMC | 3213524 | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 6 | 27.09.2022 |
BI-BIP-ADM | 3213507 | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) | 8,2 | 27.09.2022 |
SBO-CRO-SEC | 3223392 | [CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One | 7,8 | 13.09.2022 |
EP-KM-FWK-CF | 3219164 | [CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) | 6,1 | 13.09.2022 |
BI-BIP-SRV | 3217303 | [CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) | 7,7 | 13.09.2022 |
BC-CCM-MON-OS | 3159736 | [CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix | 6,7 | 13.09.2022 |
BC-MID-ICF | 3198137 | Update 1 to Security Note 3165333 – [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |
CA-WUI-UI-TAG | 3126968 | Information Disclosure vulnerability in SAP CRM WebClient | 4,3 | 13.09.2022 |
BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 13.09.2022 |
GRC-SAC-EAM | 3237075 | [CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management | 7,1 | 13.09.2022 |
BC-FES-WGU | 3229820 | [CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad) | 6,1 | 13.09.2022 |
LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS) | 8,1 | 13.09.2022 |
BC-FES-WGU | 3218177 | [CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 13.09.2022 |
BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |
*CVSS (Common Vulnerability Scoring System) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.