SAP© Security Advisories - 10 2022 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

_{Related note}
3248970

_CVSS
4.9

_{Affected system
type}
SAP Customer Data Cloud

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Security Advisory

_{Related note}
3233226

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Security Advisory

_{Related note}
3202523

_CVSS
6.1

_{Affected system
type}
SAP Commerce

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Security Advisory

_{Related note}
3245929

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author

Security Advisory

_{Related note}
3167342

_CVSS
4.8

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console

Security Advisory

_{Related note}
3211161

_CVSS
6.1

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)

Security Advisory

_{Related note}
3229425

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP

Security Advisory

_{Related note}
3239293

_CVSS
7.7

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder)

Security Advisory

_{Related note}
3232021

_CVSS
8.1

_{Affected system
type}
Sybase platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ

Security Advisory

_{Related note}
2495712

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
Missing authorization check in SAP Automotive Solutions

Security Advisory

_{Related note}
3245928

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer

Security Advisory

_{Related note}
3242933

_CVSS
9.9

_{Affected system
type}
Java

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

Security Advisory

_{Related note}
3248384

_CVSS
4.9

_{Affected system
type}
SAP Customer Data Cloud

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Security Advisory

_{Related note}
3049899

_CVSS
6.5

_{Affected system
type}
SAP Enable Now

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Security Advisory

_{Related note}
3234755

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
Information Disclosure vulnerability in Master Data Governance

Security Advisory

_{Related note}
3229132

_CVSS
8.2

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)

Security Advisory

Notifications

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

Related note 3248970

CVSS 4.9

Affected system type SAP Customer Data Cloud

Patchday2022-10

Released on2022/10/11

Related note 3233226

CVSS 6.8

Affected system type BI/BO platform

Patchday2022-10

Released on2022/10/11

Related note 3202523

CVSS 6.1

Affected system type SAP Commerce

Patchday2022-10

Released on2022/10/11

Related note 3245929

CVSS 7.0

Affected system type SAP 3D Visual Enterprise

Patchday2022-10

Released on2022/10/11

Related note 3167342

CVSS 4.8

Affected system type BI/BO platform

Patchday2022-10

Released on2022/10/11

Related note 3211161

CVSS 6.1

Affected system type BI/BO platform

Patchday2022-10

Released on2022/10/11

Related note 3229425

CVSS 5.4

Affected system type BI/BO platform

Patchday2022-10

Released on2022/10/11

Related note 3239293

CVSS 7.7

Affected system type BI/BO platform

Patchday2022-10

Released on2022/10/11

Related note 3232021

CVSS 8.1

Affected system type Sybase platform

Patchday2022-10

Released on2022/10/11

Related note 2495712

CVSS 6.5

Affected system type ABAP

Patchday2022-10

Released on2022/10/11

Related note 3245928

CVSS 7.0

Affected system type SAP 3D Visual Enterprise

Patchday2022-10

Released on2022/10/11

Related note 3242933

CVSS 9.9

Affected system type Java

Patchday2022-10

Released on2022/10/11

Related note 3248384

CVSS 4.9

Affected system type SAP Customer Data Cloud

Patchday2022-10

Released on2022/10/11

Related note 3049899

CVSS 6.5

Affected system type SAP Enable Now

Patchday2022-10

Released on2022/10/11

Related note 3234755

CVSS 4.3

Affected system type ABAP

Patchday2022-10

Released on2022/10/11

_{Related note}
3248970

_CVSS
4.9

_{Affected system
type}
SAP Customer Data Cloud

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3233226

_CVSS
6.8

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3202523

_CVSS
6.1

_{Affected system
type}
SAP Commerce

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3245929

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3167342

_CVSS
4.8

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3211161

_CVSS
6.1

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3229425

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3239293

_CVSS
7.7

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3232021

_CVSS
8.1

_{Affected system
type}
Sybase platform

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
2495712

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3245928

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3242933

_CVSS
9.9

_{Affected system
type}
Java

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3248384

_CVSS
4.9

_{Affected system
type}
SAP Customer Data Cloud

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3049899

_CVSS
6.5

_{Affected system
type}
SAP Enable Now

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3234755

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2022-10

_{Released
on}
2022/10/11

_{Related note}
3229132

_CVSS
8.2

_{Affected system
type}
BI/BO platform

_Patchday
2022-10

_{Released
on}
2022/10/11