Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 16
 System Types
Affected SAP© system types

 

Related note
3136988
CVSS
10.0

Affected system type
SAP IoT
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure

 

Related note
3136094
CVSS
10.0

Affected system type
SAP Digital...
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing

 

Related note
3134139
CVSS
10.0

Affected system type
SAP Enterprise...
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis

 

Related note
3132177
CVSS
10.0

Affected system type
SAP Localization Hub
Patchday
2022-01
Released on
2021/12/22

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India

 

Related note
3132515
CVSS
10.0

Affected system type
SAP Edge Services 
Patchday
2022-01
Released on
2021/12/30

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition

 

Related note
3132058
CVSS
10.0

Affected system type
SAP IoT
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

 

Related note
3131740
CVSS
9.8

Affected system type
SAP Business One
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One

 

Related note
3112928
CVSS
8.7

Affected system type
ABAP
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA

 

Related note
3134531
CVSS
7.5

Affected system type
SAP HANA Platform
Patchday
2022-01
Released on
2021/12/24

Description
[CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit

 

Related note
3101299
CVSS
6.6

Affected system type
SAP Business One
Patchday
2022-01
Released on
2021/12/14

Description
[CVE-2021-42066] Information Disclosure vulnerability in SAP Business One

 

Related note
3135581
CVSS
6.6

Affected system type
Java
Patchday
2022-01
Released on
2022/01/11

Description
Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

 

Related note
3106528
CVSS
6.5

Affected system type
SAP Business One
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-44234] Information Disclosure vulnerability in SAP Business One

 

Related note
3124597
CVSS
6.1

Affected system type
SAP Enterprise Threat...
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection

 

Related note
3131691
CVSS
5.5

Affected system type
Adobe LiveCycle Designer
Patchday
2022-01
Released on
2021/12/30

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

 

Related note
3133005
CVSS
5.3

Affected system type
Java
Patchday
2022-01
Released on
2021/12/28

Description
Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

 

Related note
3112710
CVSS
4.3

Affected system type
ABAP
Patchday
2022-01
Released on
2022/01/11

Description
[CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2022 by SecurityBridge // NCMI GmbH