Security Advisories
We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
We have found 17 security advisories for you to review.
| Affected system type | Patchday | Released on | Description |
|---|---|---|---|
| Java | 2022-04 | 2022/04/12 | [CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC |
| BI/BO platform | 2022-04 | 2022/04/12 | [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services) |
| BI/BO platform | 2022-04 | 2022/04/12 | [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform |
| Java | 2022-04 | 2022/04/12 | [CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| Sybase | 2022-04 | 2022/04/12 | [CVE-2022-27670] Denial of service (DOS) in SQL Anywhere |
| BI/BO platform | 2022-04 | 2022/04/12 | [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) |
| Adobe LiveCycle Designer | 2022-04 | 2022/04/12 | [CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) |
| BI/BO platform | 2022-04 | 2022/04/12 | [CVE-2022-27667] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) |
| SAP GUI / Frontend | 2022-04 | 2022/04/12 | Information Disclosure vulnerability in SAP GUI for Windows |
| ABAP | 2022-04 | 2022/04/12 | Multiple Vulnerabilities in URI.js bundled with SAPUI5 |
| ABAP | 2022-04 | 2022/04/12 | Enable CSP support for OP1909 in SAP CRM WebClient UI |
| ABAP | 2022-04 | 2022/04/12 | [CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library) |
| SAP 3D Visual Enterprise | 2022-04 | 2022/04/12 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer |
| SAP Innovation Management | 2022-04 | 2022/03/28 | [CVE-2022-27658] Missing authorization check in SAP Innovation Management |
| Java | 2022-04 | 2022/04/12 | [CVE-2022-27669] Missing Authentication check in XML Data Archiving Service |
| ABAP | 2022-04 | 2022/04/12 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform |
| Kernel | 2022-04 | 2022/04/12 | [CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager) |