Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 9 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 9

System Types

Affected SAP© system types

_{Related note}
3275391

_CVSS
9.9

_{Affected system
type}
SAP Business Planning...

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Security Advisory

_{Related note}
3262810

_CVSS
9.9

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Security Advisory

_{Related note}
3268093

_CVSS
9.4

_{Affected system
type}
Java

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Security Advisory

_{Related note}
3089413

_CVSS
9.0

_{Affected system
type}
Kernel / ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Security Advisory

_{Related note}
3276120

_CVSS
6.4

_{Affected system
type}
SAP Host Agent

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Security Advisory

_{Related note}
3283283

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Security Advisory

_{Related note}
3266006

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Security Advisory

_{Related note}
3251447

_CVSS
4.6

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Security Advisory

_{Related note}
3150704

_CVSS
4.5

_{Affected system
type}
ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 9

System Types

Affected SAP© system types

Related note 3275391

CVSS 9.9

Affected system type SAP Business Planning...

Patchday2023-01

Released on2023/01/10

Related note 3262810

CVSS 9.9

Affected system type BI/BO platform

Patchday2023-01

Released on2023/01/10

Related note 3268093

CVSS 9.4

Affected system type Java

Patchday2023-01

Released on2023/01/10

Related note 3089413

CVSS 9.0

Affected system type Kernel / ABAP

Patchday2023-01

Released on2023/01/10

Related note 3276120

CVSS 6.4

Affected system type SAP Host Agent

Patchday2023-01

Released on2023/01/10

Related note 3283283

CVSS 6.1

Affected system type ABAP

Patchday2023-01

Released on2023/01/10

Related note 3266006

CVSS 5.4

Affected system type BI/BO platform

Patchday2023-01

Released on2023/01/10

Related note 3251447

CVSS 4.6

Affected system type BI/BO platform

Patchday2023-01

Released on2023/01/10

Related note 3150704

CVSS 4.5

Affected system type ABAP

Patchday2023-01

Released on2023/01/10

_{Related note}
3275391

_CVSS
9.9

_{Affected system
type}
SAP Business Planning...

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3262810

_CVSS
9.9

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3268093

_CVSS
9.4

_{Affected system
type}
Java

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3089413

_CVSS
9.0

_{Affected system
type}
Kernel / ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3276120

_CVSS
6.4

_{Affected system
type}
SAP Host Agent

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3283283

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3266006

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3251447

_CVSS
4.6

_{Affected system
type}
BI/BO platform

_Patchday
2023-01

_{Released
on}
2023/01/10

_{Related note}
3150704

_CVSS
4.5

_{Affected system
type}
ABAP

_Patchday
2023-01

_{Released
on}
2023/01/10