Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 14
 System Types
Affected SAP© system types

 

Related note
3154684
CVSS
10.0

Affected system type
SAP Work Manager
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager

 

Related note
3145987
CVSS
9.3

Affected system type
SAP Solution Manager...
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

 

Related note
3149805
CVSS
8.1

Affected system type
ABAP
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

 

Related note
3146261
CVSS
6.1

Affected system type
Java
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

 

Related note
3146260
CVSS
6.1

Affected system type
Java
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

 

Related note
3147283
CVSS
5.4

Affected system type
SAP Solution Manager...
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

 

Related note
3145997
CVSS
5.4

Affected system type
ABAP
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP

 

Related note
3144941
CVSS
5.4

Affected system type
SAP Financial Consolidation
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation

 

Related note
3147102
CVSS
5.3

Affected system type
SAP Solution Manager...
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

 

Related note
1753378
CVSS
5.3

Affected system type
Java
Patchday
2022-03
Released on
2013/08/13

Description
Directory traversal in Web Container

 

Related note
3103424
CVSS
5.0

Affected system type
BI/BO platform
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform

 

Related note
3111110
CVSS
4.8

Affected system type
SAPCAR
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR

 

Related note
3132360
CVSS
3.7

Affected system type
Java
Patchday
2022-03
Released on
2022/03/08

Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)

 

Related note
3104349
CVSS
3.3

Affected system type
ABAP
Patchday
2022-03
Released on
2022/03/22

Description
Missing authorization check in S/4HANA finance for advanced payment management

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2022 by SecurityBridge // NCMI GmbH