Security Advisory for April 2022 
Advisory

Today we have released the Security Advisories for SAP and the month of April 2022

 

Taking control of the SAP patch management process for the vast product portfolio offered by SAP SE is essential to maintaining a steady security posture. We have reviewed the security patches released (and updated) in April 2022 and found corrections that eliminate the following attack vectors:

  • "Code injection"
  • "Cross-Site Scripting (XSS)"
  • "Cross-site request Forgery (XSRF)"
  • "Denial of service (DoS)"
  • "Directory traversal (read)"
  • "External entity tunneling (XXE)"
  • "Information disclosure"
  • "Missing authentication check"
  • "Missing authorization check"
  • "Remote Code Execution vulnerability"
  • "URL Redirection vulnerability"
  • "Weak security function / cryptographic algorithm "

Patches released by the manufacturer contain solutions for the components

  • "BC-CST-WDP"
  • "BC-FES-GUI"
  • "BC-ILM-DAS"
  • "BC-MID-ICF"
  • "BC-SYB-PD"
  • "BC-SYB-SQA"
  • "BC-XS-SEC"
  • "BI-BIP-ADM"
  • "BI-BIP-BIW"
  • "BI-BIP-CMC"
  • "BI-DEV-WEB"
  • "CA-GTF-VBZ"
  • "CA-UI5-COR-FND"
  • "CA-VE-VEV"
  • "CA-WUI-UI"
  • "CEC-COM-CPS"
  • "CEC-COM-CPS-WEB"
  • "EP-PIN-PRT"
  • "EP-PIN-WPC"
  • "IS-SE-CCO"
  • "IS-T-MA"
  • "MFG-MII"
  • "PLM-INM"
  • "SV-FRN-INF-SDA"
  • "XX-PART-ADB-IFM"
  • "XX-SER-SN"

View all SAP security advisories of April 2022.

  • Share with:
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH

v33.0