We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisories. We count 14, and the highest CVSS score is 9.9.
SAP© Security advisories: 14
[Charts: Severity; Affected SAP© system types]

Affected system type: SAP Commerce
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Affected system type: ABAP
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41275] Open Redirect in SAP Solution Manager (Enterprise Search)

Affected system type: SAP Commerce
Patchday: 2022-12
Released on: 2022/12/13
Description: Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Affected system type: BI/BO platform
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Affected system type: BI/BO platform
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Affected system type: Java
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Affected system type: SAP Disclosure Management
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Affected system type: Java
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Affected system type: ABAP
Patchday: 2022-12
Released on: 2022/12/13
Description: Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Affected system type: ABAP
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Affected system type: Java
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Affected system type: Java
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Affected system type: ABAP
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Affected system type: Java
Patchday: 2022-12
Released on: 2022/12/13
Description: [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)