Security Advisories  

We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 17 and the highest CVSS score is 10.0.

 


 

| Related note | CVSS | Affected system type | Patchday | Released on | Description |
|---|---|---|---|---|---|
| 3123396 | 10.0 | Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher |
| 3142773 | 10.0 | SAP Commerce | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce |
| 3130920 | 10.0 | SAP Data Intelligence | 2022-02 | 2022/01/18 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise) |
| 3139893 | 10.0 | None | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management |
| 3140940 | 9.1 | Java | 2022-02 | 2022/02/08 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools |
| 3123427 | 8.1 | Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java |
| 3140587 | 7.1 | ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server) |
| 3126489 | 6.5 | ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM |
| 3142092 | 6.5 | ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) |
| 2531036 | 6.3 | ABAP | 2022-02 | 2019/04/09 | Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS) |
| 3140564 | 5.6 | SAP Adaptive Server... | 2022-02 | 2022/02/08 | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise |
| 3126748 | 5.4 | BI/BO platform | 2022-02 | 2022/02/08 | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) |
| 3128473 | 4.9 | ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| 3124994 | 4.7 | ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver |
| 3134684 | 4.3 | SAP 3D Visual Enterprise | 2022-02 | 2022/02/08 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer |
| 3107196 | 4.3 | ABAP | 2022-02 | 2022/01/25 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP |
| 3116223 | 3.7 | Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) |

 

 

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.


© Copyright 2022 by SecurityBridge // NCMI GmbH