SAP Security Notes Summary – September 2022

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| IS-A | 2726124 | Missing Authorization Check in multiple components under SAP Automotive Solutions | 6,3 | 27.09.2022 |
| IS-A-VMS | 2460948 | Missing Authorization Check in Vehicle Management System | 5,3 | 27.09.2022 |
| BC-MID-RFC | 3150454 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | 4,9 | 27.09.2022 |
| QM-QN | 2634023 | Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN | 6,3 | 27.09.2022 |
| BI-BIP-CMC | 3213524 | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 6 | 27.09.2022 |
| BI-BIP-ADM | 3213507 | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) | 8,2 | 27.09.2022 |
| SBO-CRO-SEC | 3223392 | [CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One | 7,8 | 13.09.2022 |
| EP-KM-FWK-CF | 3219164 | [CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) | 6,1 | 13.09.2022 |
| BI-BIP-SRV | 3217303 | [CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) | 7,7 | 13.09.2022 |
| BC-CCM-MON-OS | 3159736 | [CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix | 6,7 | 13.09.2022 |
| BC-MID-ICF | 3198137 | Update 1 to Security Note 3165333 – [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |
| CA-WUI-UI-TAG | 3126968 | Information Disclosure vulnerability in SAP CRM WebClient | 4,3 | 13.09.2022 |
| BI-BIP-INS | 2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7,8 | 13.09.2022 |
| GRC-SAC-EAM | 3237075 | [CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management | 7,1 | 13.09.2022 |
| BC-FES-WGU | 3229820 | [CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad) | 6,1 | 13.09.2022 |
| LOD-SF-EC | 3226411 | [CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS) | 8,1 | 13.09.2022 |
| BC-FES-WGU | 3218177 | [CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP | 5,4 | 13.09.2022 |
| BC-MID-ICF | 3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 4,7 | 13.09.2022 |
source: www.sap.com

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2023. SAPBasisWorld.com