Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 10.0.

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

_{Related note}
3104349

_CVSS
3.3

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/22

Description
Missing authorization check in S/4HANA finance for advanced payment management

Security Advisory

_{Related note}
3132360

_CVSS
3.7

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)

Security Advisory

_{Related note}
3147283

_CVSS
5.4

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Security Advisory

_{Related note}
3111110

_CVSS
4.8

_{Affected system
type}
SAPCAR

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR

Security Advisory

_{Related note}
3147102

_CVSS
5.3

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Security Advisory

_{Related note}
3103424

_CVSS
5.0

_{Affected system
type}
BI/BO platform

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform

Security Advisory

_{Related note}
3145997

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP

Security Advisory

_{Related note}
3154684

_CVSS
10.0

_{Affected system
type}
SAP Work Manager

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager

Security Advisory

_{Related note}
3149805

_CVSS
8.1

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Security Advisory

_{Related note}
3146261

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
1753378

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2013/08/13

Description
Directory traversal in Web Container

Security Advisory

_{Related note}
3146260

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
3144941

_CVSS
5.4

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation

Security Advisory

_{Related note}
3145987

_CVSS
9.3

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08

Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

Related note 3104349

CVSS 3.3

Affected system type ABAP

Patchday2022-03

Released on2022/03/22

Related note 3132360

CVSS 3.7

Affected system type Java

Patchday2022-03

Released on2022/03/08

Related note 3147283

CVSS 5.4

Affected system type SAP Solution Manager...

Patchday2022-03

Released on2022/03/08

Related note 3111110

CVSS 4.8

Affected system type SAPCAR

Patchday2022-03

Released on2022/03/08

Related note 3147102

CVSS 5.3

Affected system type SAP Solution Manager...

Patchday2022-03

Released on2022/03/08

Related note 3103424

CVSS 5.0

Affected system type BI/BO platform

Patchday2022-03

Released on2022/03/08

Related note 3145997

CVSS 5.4

Affected system type ABAP

Patchday2022-03

Released on2022/03/08

Related note 3154684

CVSS 10.0

Affected system type SAP Work Manager

Patchday2022-03

Released on2022/03/08

Related note 3149805

CVSS 8.1

Affected system type ABAP

Patchday2022-03

Released on2022/03/08

Related note 3146261

CVSS 6.1

Affected system type Java

Patchday2022-03

Released on2022/03/08

Related note 1753378

CVSS 5.3

Affected system type Java

Patchday2022-03

Released on2013/08/13

Related note 3146260

CVSS 6.1

Affected system type Java

Patchday2022-03

Released on2022/03/08

Related note 3144941

CVSS 5.4

Affected system type SAP Financial Consolidation

Patchday2022-03

Released on2022/03/08

Related note 3145987

CVSS 9.3

Affected system type SAP Solution Manager...

Patchday2022-03

Released on2022/03/08

_{Related note}
3104349

_CVSS
3.3

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/22

_{Related note}
3132360

_CVSS
3.7

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3147283

_CVSS
5.4

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3111110

_CVSS
4.8

_{Affected system
type}
SAPCAR

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3147102

_CVSS
5.3

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3103424

_CVSS
5.0

_{Affected system
type}
BI/BO platform

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3145997

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3154684

_CVSS
10.0

_{Affected system
type}
SAP Work Manager

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3149805

_CVSS
8.1

_{Affected system
type}
ABAP

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3146261

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
1753378

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2013/08/13

_{Related note}
3146260

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3144941

_CVSS
5.4

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-03

_{Released
on}
2022/03/08

_{Related note}
3145987

_CVSS
9.3

_{Affected system
type}
SAP Solution Manager...

_Patchday
2022-03

_{Released
on}
2022/03/08