Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Hey there! Glad you made it.
We have found 14 security advices for you to review.

 

 Severity
SAP© Security advisories 14
 System Types
Affected SAP© system types

 

Related note
3158375
CVSS
8.6

Affected system type
SAProuter
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform

 

Related note
3147498
CVSS
8.2

Affected system type
Java
Patchday
2022-06
Released on
2022/06/14

Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services

 

Related note
3197005
CVSS
7.8

Affected system type
SAP PowerDesigner
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7

 

Related note
3206271
CVSS
6.5

Affected system type
SAP 3D Visual Enterprise
Patchday
2022-06
Released on
2022/06/14

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

 

Related note
3134161
CVSS
6.5

Affected system type
ABAP
Patchday
2022-06
Released on
2022/06/14

Description
Missing Authorization check in SAP ERP HCM

 

Related note
3197927
CVSS
6.1

Affected system type
SAP...
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)

 

Related note
3203065
CVSS
5.0

Affected system type
ABAP
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.

 

Related note
3158815
CVSS
5.0

Affected system type
SAP Financial Consolidation
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation

 

Related note
3194674
CVSS
5.0

Affected system type
ABAP SAP Host Agent
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent

 

Related note
3158619
CVSS
4.9

Affected system type
ABAP Java HANA platform
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database

 

Related note
3190675
CVSS
3.7

Affected system type
UI5
Patchday
2022-06
Released on
2022/06/14

Description
Unsafe use of target blank in SAP Marketing Campaigns

 

Related note
3191812
CVSS
3.7

Affected system type
UI5
Patchday
2022-06
Released on
2022/06/14

Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App

 

Related note
3202846
CVSS
3.4

Affected system type
Java
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)

 

Related note
3155571
CVSS
3.2

Affected system type
SAP Adaptive Server...
Patchday
2022-06
Released on
2022/06/14

Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2022 by SecurityBridge // NCMI GmbH