Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 23 security advices for you to review.

Severity

SAP© Security advisories 23

System Types

Affected SAP© system types

_{Related note}
3221288

_CVSS
8.3

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Security Advisory

_{Related note}
3157613

_CVSS
7.5

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)

Security Advisory

_{Related note}
3210779

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal

Security Advisory

_{Related note}
3220746

_CVSS
3.3

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Security Advisory

_{Related note}
3209557

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
3213826

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia)

Security Advisory

_{Related note}
3213279

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Security Advisory

_{Related note}
3212997

_CVSS
7.6

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One

Security Advisory

_{Related note}
3191012

_CVSS
7.4

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One

Security Advisory

_{Related note}
3150463

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
Information Disclosure vulnerability in ABAP Platform

Security Advisory

_{Related note}
3203079

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)

Security Advisory

_{Related note}
3208819

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
3194361

_CVSS
6.0

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)

Security Advisory

_{Related note}
3167430

_CVSS
5.6

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)

Security Advisory

_{Related note}
3211203

_CVSS
4.3

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One

Security Advisory

_{Related note}
3216161

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA

Security Advisory

_{Related note}
2726124

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/06/28

Description
Missing Authorization Check in multiple components under SAP Automotive Solutions

Security Advisory

_{Related note}
3169239

_CVSS
6.5

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x

Security Advisory

_{Related note}
3211760

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC

Security Advisory

_{Related note}
3196280

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-31592] Missing Authorization check in EA-DFPS

Security Advisory

_{Related note}
3207902

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
3208880

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

_{Related note}
3150454

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 23

System Types

Affected SAP© system types

Related note 3221288

CVSS 8.3

Affected system type BI/BO platform

Patchday2022-07

Released on2022/07/12

Related note 3157613

CVSS 7.5

Affected system type SAP Business One

Patchday2022-07

Released on2022/07/12

Related note 3210779

CVSS 6.1

Affected system type Java

Patchday2022-07

Released on2022/07/12

Related note 3220746

CVSS 3.3

Affected system type SAP 3D Visual Enterprise

Patchday2022-07

Released on2022/07/12

Related note 3209557

CVSS 6.1

Affected system type Java

Patchday2022-07

Released on2022/07/12

Related note 3213826

CVSS 5.4

Affected system type ABAP

Patchday2022-07

Released on2022/07/12

Related note 3213279

CVSS 5.4

Affected system type BI/BO platform

Patchday2022-07

Released on2022/07/12

Related note 3212997

CVSS 7.6

Affected system type SAP Business One

Patchday2022-07

Released on2022/07/12

Related note 3191012

CVSS 7.4

Affected system type SAP Business One

Patchday2022-07

Released on2022/07/12

Related note 3150463

CVSS 4.9

Affected system type ABAP

Patchday2022-07

Released on2022/07/12

Related note 3203079

CVSS 5.4

Affected system type BI/BO platform

Patchday2022-07

Released on2022/07/12

Related note 3208819

CVSS 6.1

Affected system type Java

Patchday2022-07

Released on2022/07/12

Related note 3194361

CVSS 6.0

Affected system type BI/BO platform

Patchday2022-07

Released on2022/07/12

Related note 3167430

CVSS 5.6

Affected system type BI/BO platform

Patchday2022-07

Released on2022/07/12

Related note 3211203

CVSS 4.3

Affected system type SAP Business One

Patchday2022-07

_{Related note}
3221288

_CVSS
8.3

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3157613

_CVSS
7.5

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3210779

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3220746

_CVSS
3.3

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3209557

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3213826

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3213279

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3212997

_CVSS
7.6

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3191012

_CVSS
7.4

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3150463

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3203079

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3208819

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3194361

_CVSS
6.0

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3167430

_CVSS
5.6

_{Affected system
type}
BI/BO platform

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3211203

_CVSS
4.3

_{Affected system
type}
SAP Business One

_Patchday
2022-07

_{Released
on}
2022/07/12

_{Related note}
3216161

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-07

_{Released
on}
2022/07/12