SAP© Security Advisories - 06 2022 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 14 security advices for you to review.

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

_{Related note}
3155571

_CVSS
3.2

_{Affected system
type}
SAP Adaptive Server...

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)

Security Advisory

_{Related note}
3203065

_CVSS
5.0

_{Affected system
type}
ABAP

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.

Security Advisory

_{Related note}
3206271

_CVSS
6.5

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Security Advisory

_{Related note}
3202846

_CVSS
3.4

_{Affected system
type}
Java

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)

Security Advisory

_{Related note}
3197927

_CVSS
6.1

_{Affected system
type}
SAP...

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)

Security Advisory

_{Related note}
3158815

_CVSS
5.0

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation

Security Advisory

_{Related note}
3194674

_CVSS
5.0

_{Affected system
type}
ABAP SAP Host Agent

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent

Security Advisory

_{Related note}
3190675

_CVSS
3.7

_{Affected system
type}
UI5

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
Unsafe use of target blank in SAP Marketing Campaigns

Security Advisory

_{Related note}
3158619

_CVSS
4.9

_{Affected system
type}
ABAP Java HANA platform

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database

Security Advisory

_{Related note}
3191812

_CVSS
3.7

_{Affected system
type}
UI5

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App

Security Advisory

_{Related note}
3197005

_CVSS
7.8

_{Affected system
type}
SAP PowerDesigner

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7

Security Advisory

_{Related note}
3147498

_CVSS
8.2

_{Affected system
type}
Java

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services

Security Advisory

_{Related note}
3134161

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
Missing Authorization check in SAP ERP HCM

Security Advisory

_{Related note}
3158375

_CVSS
8.6

_{Affected system
type}
SAProuter

_Patchday
2022-06

_{Released
on}
2022/06/14

Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform

Security Advisory

Notifications

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

Related note 3155571

CVSS 3.2

Affected system type SAP Adaptive Server...

Patchday2022-06

Released on2022/06/14

Related note 3203065

CVSS 5.0

Affected system type ABAP

Patchday2022-06

Released on2022/06/14

Related note 3206271

CVSS 6.5

Affected system type SAP 3D Visual Enterprise

Patchday2022-06

Released on2022/06/14

Related note 3202846

CVSS 3.4

Affected system type Java

Patchday2022-06

Released on2022/06/14

Related note 3197927

CVSS 6.1

Affected system type SAP...

Patchday2022-06

Released on2022/06/14

Related note 3158815

CVSS 5.0

Affected system type SAP Financial Consolidation

Patchday2022-06

Released on2022/06/14

Related note 3194674

CVSS 5.0

Affected system type ABAP SAP Host Agent

Patchday2022-06

Released on2022/06/14

Related note 3190675

CVSS 3.7

Affected system type UI5

Patchday2022-06

Released on2022/06/14

Related note 3158619

CVSS 4.9

Affected system type ABAP Java HANA platform

Patchday2022-06

Released on2022/06/14

Related note 3191812

CVSS 3.7

Affected system type UI5

Patchday2022-06

Released on2022/06/14

Related note 3197005

CVSS 7.8

Affected system type SAP PowerDesigner

Patchday2022-06

Released on2022/06/14

Related note 3147498

CVSS 8.2

Affected system type Java

Patchday2022-06

Released on2022/06/14

Related note 3134161

CVSS 6.5

Affected system type ABAP

Patchday2022-06

Released on2022/06/14

Related note 3158375

CVSS 8.6

Affected system type SAProuter

Patchday2022-06

Released on2022/06/14

_{Related note}
3155571

_CVSS
3.2

_{Affected system
type}
SAP Adaptive Server...

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3203065

_CVSS
5.0

_{Affected system
type}
ABAP

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3206271

_CVSS
6.5

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3202846

_CVSS
3.4

_{Affected system
type}
Java

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3197927

_CVSS
6.1

_{Affected system
type}
SAP...

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3158815

_CVSS
5.0

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3194674

_CVSS
5.0

_{Affected system
type}
ABAP SAP Host Agent

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3190675

_CVSS
3.7

_{Affected system
type}
UI5

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3158619

_CVSS
4.9

_{Affected system
type}
ABAP Java HANA platform

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3191812

_CVSS
3.7

_{Affected system
type}
UI5

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3197005

_CVSS
7.8

_{Affected system
type}
SAP PowerDesigner

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3147498

_CVSS
8.2

_{Affected system
type}
Java

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3134161

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2022-06

_{Released
on}
2022/06/14

_{Related note}
3158375

_CVSS
8.6

_{Affected system
type}
SAProuter

_Patchday
2022-06

_{Released
on}
2022/06/14