Security Advisories  

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Description
[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Description
Insufficient Session Expiration in Central Fiori Launchpad

Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere

Description
[CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows

Description
[CVE-2021-20223] Multiple Vulnerabilities in SQlite bundled with SAPUI5

Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)

Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct

Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author

Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)

Description
Information Disclosure vulnerability in Master Data Governance

Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

Description
Missing authorization check in SAP Automotive Solutions

Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ

Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder)

Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP

Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console

Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Description
Information Disclosure vulnerability in SAP CRM WebClient

Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix

Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN

Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One

Description
[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android

Description
[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Description
Information Disclosure in SAP Landscape Management

Description
[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager

Description
Missing Authorization check in Portugal Digital Signature

Description
Information Disclosure vulnerability in SAP Business Client

Description
[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)

Description
[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)

Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)

Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal

Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia)

Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One

Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One

Description
Information Disclosure vulnerability in ABAP Platform

Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)

Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)

Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)

Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One

Description
[CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA

Description
[CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x

Description
[CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC

Description
Missing Authorization Check in multiple components under SAP Automotive Solutions

Description
[CVE-2022-31592] Missing Authorization check in EA-DFPS

Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)

Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services

Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7

Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App

Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database

Description
Unsafe use of target blank in SAP Marketing Campaigns

Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent

Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation

Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)

Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform

Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)

Description
Missing Authorization check in SAP ERP HCM

Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform

Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile

Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud

Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)

Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)

Description
Missing Authorization check for UI5 flexibility key user functionality

Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end

Description
[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC

Description
[CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library)

Description
Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services

Description
[CVE-2022-27670] Denial of service (DOS) in SQL Anywhere

Description
[CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform.

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics

Description
[CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform

Description
[CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to including 16.7 SP05 PL01)

Description
Enable CSP support for OP1909 in SAP CRM WebClient UI

Description
[CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-27658] Missing authorization check in SAP Innovation Management

Description
[CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

Description
[CVE-2022-28772]Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
[CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-27669] Missing Authentication check in XML Data Archiving Service

Description
Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2022-27667] Information Disclosure vulnerability in CMC

Description
Multiple Vulnerabilities in URI.js bundled with SAPUI5

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce

Description
[CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework

Description
Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout

Description
[CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
[CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services)

Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR

Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform

Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager

Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Directory traversal in Web Container

Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation

Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
Missing authorization check in S/4HANA finance for advanced payment management

Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)

Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management

Description
[CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise

Description
[CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad)

Description
[CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce

Description
[CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools

Description
[CVE-2022-22535] Missing Authorization check in SAP ERP HCM

Description
[CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS)

Description
Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP

Description
[CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)

Description
[CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)