Security Advisories  

We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 14 and the highest CVSS score is 9.9.

 


 

Related note
3239475
CVSS
9.9

Affected system type
BI/BO platform
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

 

Related note
3273480
CVSS
9.9

Affected system type
Java
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

 

Related note
3271523
CVSS
9.8

Affected system type
SAP Commerce
Patchday
2022-12
Released on
2022/12/13

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

 

Related note
3267780
CVSS
9.4

Affected system type
Java
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

 

Related note
3268172
CVSS
8.8

Affected system type
ABAP
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

 

Related note
3271091
CVSS
8.5

Affected system type
ABAP
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

 

Related note
3248255
CVSS
8.0

Affected system type
SAP Commerce
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

 

Related note
3266846
CVSS
6.5

Affected system type
SAP Disclosure Management
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

 

Related note
3271313
CVSS
6.1

Affected system type
ABAP
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41275] Open Redirect in SAP Solutions Manager (Enterprise Search)

 

Related note
3262544
CVSS
6.1

Affected system type
Java
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

 

Related note
3258950
CVSS
6.1

Affected system type
ABAP
Patchday
2022-12
Released on
2022/12/13

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

 

Related note
3265173
CVSS
6.0

Affected system type
Java
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

 

Related note
3249648
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

 

Related note
3270399
CVSS
4.3

Affected system type
Java
Patchday
2022-12
Released on
2022/12/13

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

 

 

SecurityBridge helps prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses make their SAP systems more secure.


© Copyright 2023 by SecurityBridge // NCMI GmbH