We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 14
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/22
Description
Missing authorization check in S/4HANA finance for advanced payment management
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)
Affected system
type
SAPCAR
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)
Affected system
type
BI/BO platform
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP
Affected system
type
SAP Work Manager
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
Java
Patchday
2022-03
Released
on
2013/08/13
Description
Directory traversal in Web Container
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
SAP Financial Consolidation
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)