Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 10 security advices for you to review.

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

_{Related note}
3218177

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
2634023

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN

Security Advisory

_{Related note}
3223392

_CVSS
7.8

_{Affected system
type}
SAP Business One

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One

Security Advisory

_{Related note}
3237075

_CVSS
7.1

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Security Advisory

_{Related note}
3126968

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
Information Disclosure vulnerability in SAP CRM WebClient

Security Advisory

_{Related note}
3229820

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Security Advisory

_{Related note}
3219164

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Security Advisory

_{Related note}
3217303

_CVSS
7.7

_{Affected system
type}
BI/BO platform

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Security Advisory

_{Related note}
3159736

_CVSS
6.7

_{Affected system
type}
SAP Host Agent

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix

Security Advisory

_{Related note}
3198137

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

Related note 3218177

CVSS 5.4

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

Related note 2634023

CVSS 6.3

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

Related note 3223392

CVSS 7.8

Affected system type SAP Business One

Patchday2022-09

Released on2022/09/13

Related note 3237075

CVSS 7.1

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

Related note 3126968

CVSS 4.3

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

Related note 3229820

CVSS 6.1

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

Related note 3219164

CVSS 6.1

Affected system type Java

Patchday2022-09

Released on2022/09/13

Related note 3217303

CVSS 7.7

Affected system type BI/BO platform

Patchday2022-09

Released on2022/09/13

Related note 3159736

CVSS 6.7

Affected system type SAP Host Agent

Patchday2022-09

Released on2022/09/13

Related note 3198137

CVSS 4.7

Affected system type ABAP

Patchday2022-09

Released on2022/09/13

_{Related note}
3218177

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
2634023

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3223392

_CVSS
7.8

_{Affected system
type}
SAP Business One

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3237075

_CVSS
7.1

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3126968

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3229820

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3219164

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3217303

_CVSS
7.7

_{Affected system
type}
BI/BO platform

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3159736

_CVSS
6.7

_{Affected system
type}
SAP Host Agent

_Patchday
2022-09

_{Released
on}
2022/09/13

_{Related note}
3198137

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2022-09

_{Released
on}
2022/09/13