We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisories. We count 17, and the highest CVSS score is 10.0.
| Affected system type | Patchday | Released on | Description |
|---|---|---|---|
| Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher |
| ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server) |
| SAP Commerce | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce |
| ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM |
| ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver |
| ABAP | 2022-02 | 2019/04/09 | Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS) |
| SAP Data Intelligence | 2022-02 | 2022/01/18 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise) |
| SAP 3D Visual Enterprise | 2022-02 | 2022/02/08 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer |
| ABAP | 2022-02 | 2022/01/25 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP |
| SAP Adaptive Server... | 2022-02 | 2022/02/08 | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise |
| BI/BO platform | 2022-02 | 2022/02/08 | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) |
| Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java |
| Java | 2022-02 | 2022/02/08 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools |
| Kernel | 2022-02 | 2022/02/08 | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) |
| None | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management |
| ABAP | 2022-02 | 2022/02/08 | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) |