SAP Security Notes Summary – September 2022

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 27.09.2022 |
| IS-A-VMS | 2460948 | Missing Authorization Check in Vehicle Management System | 5,3 | 27.09.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 27.09.2022 |
| QM-QN | 2634023 | Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN | 6,3 | 27.09.2022 |
| BI-BIP-CMC | 3213524 | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 6 | 27.09.2022 |
| BI-BIP-ADM | 3213507 | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) | 8,2 | 27.09.2022 |
| SBO-CRO-SEC | 3223392 | [CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One | 7,8 | 13.09.2022 |
| EP-KM-FWK-CF | 3219164 | [CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) | 6,1 | 13.09.2022 |
| BI-BIP-SRV | 3217303 | [CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) | 7,7 | 13.09.2022 |
| BC-CCM-MON-OS | 3159736 | [CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix | 6,7 | 13.09.2022 |
| BC-MID-ICF | 3198137 | Update 1 to Security Note 3165333 – [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |
| CA-WUI-UI-TAG | 3126968 | Information Disclosure vulnerability in SAP CRM WebClient | 4,3 | 13.09.2022 |
| BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 13.09.2022 |
| GRC-SAC-EAM | 3237075 | [CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management | 7,1 | 13.09.2022 |
| BC-FES-WGU | 3229820 | [CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad) | 6,1 | 13.09.2022 |
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS) | 8,1 | 13.09.2022 |
| BC-FES-WGU | 3218177 | [CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 13.09.2022 |
| BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |

source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
