We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 11 and the highest CVSS score is 9.8.

 

 Severity
SAP© Security advisories 11
 System Types
Affected SAP© system types

 

Related note
2754555
CVSS
6.3

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end

Security Advisory

 

Related note
3146336
CVSS
5.4

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

 

Related note
2998510
CVSS
7.8

Affected system type
BI/BO platform
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update

Security Advisory

 

Related note
3145046
CVSS
8.3

Affected system type
Kernel
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)

Security Advisory

 

Related note
3164677
CVSS
6.5

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)

Security Advisory

 

Related note
2756188
CVSS
6.3

Affected system type
UI5
Patchday
2022-05
Released on
2022/05/10

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end

Security Advisory

 

Related note
3165801
CVSS
6.5

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

 

Related note
3158188
CVSS
5.3

Affected system type
SAP Host Agent
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile

Security Advisory

 

Related note
3143161
CVSS
4.3

Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10

Description
Missing Authorization check for UI5 flexibility key user functionality

Security Advisory

 

Related note
3145702
CVSS
5.3

Affected system type
SAP Host Agent Kernel
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform

Security Advisory

 

Related note
3189409
CVSS
9.8

Affected system type
SAP Business One Cloud
Patchday
2022-05
Released on
2022/05/10

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2024 by SecurityBridge GmbH

v35.0