Security Advisories  

We've created SecurityBridge Cloud Platform, the first of its kind, to prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 11 and the highest CVSS score is 9.8.

 


 

Related note
3189409
CVSS
9.8

Affected system type
SAP Business One Cloud
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud

 

Related note
3145046
CVSS
8.3

Affected system type
Kernel
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)

 

Related note
2998510
CVSS
7.8

Affected system type
BI/BO platform
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update

 

Related note
3164677
CVSS
6.5

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request)

 

Related note
3165801
CVSS
6.5

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
2754555
CVSS
6.3

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end

 

Related note
2756188
CVSS
6.3

Affected system type
UI5
Patchday
2022-05
Released on
2022/05/10

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end

 

Related note
3146336
CVSS
5.4

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

 

Related note
3158188
CVSS
5.3

Affected system type
SAP Host Agent
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile

 

Related note
3145702
CVSS
5.3

Affected system type
SAP Host Agent, Kernel
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform

 

Related note
3143161
CVSS
4.3

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
Missing Authorization check for UI5 flexibility key user functionality

 

 

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.


© Copyright 2022 by SecurityBridge // NCMI GmbH