SAP© Security Advisories - 11 2022 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 10 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

_{Related note}
3251202

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Security Advisory

_{Related note}
3229987

_CVSS
6.5

_{Affected system
type}
Sybase platform

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere

Security Advisory

_{Related note}
3238042

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct

Security Advisory

_{Related note}
3218159

_CVSS
6.1

_{Affected system
type}
SAP UI5 SAP Fiori

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
Insufficient Session Expiration in Central Fiori Launchpad

Security Advisory

_{Related note}
3237251

_CVSS
5.5

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows

Security Advisory

_{Related note}
3260708

_CVSS
6.5

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Security Advisory

_{Related note}
3249990

_CVSS
7.5

_{Affected system
type}
ABAP, Java

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2021-20223] Multiple Vulnerabilities in SQlite bundled with SAPUI5

Security Advisory

_{Related note}
3256571

_CVSS
8.7

_{Affected system
type}
ABAP

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

_{Related note}
3263436

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer

Security Advisory

_{Related note}
3243924

_CVSS
9.9

_{Affected system
type}
BI/BO platform

Exploit available

_Patchday
2022-11

_{Released
on}
2022/11/08

Description
[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)

Security Advisory

Notifications

Severity

SAP© Security advisories 10

System Types

Affected SAP© system types

Related note 3251202

CVSS 4.7

Affected system type ABAP

Patchday2022-11

Released on2022/11/08

Related note 3229987

CVSS 6.5

Affected system type Sybase platform

Patchday2022-11

Released on2022/11/08

Related note 3238042

CVSS 6.1

Affected system type Java

Patchday2022-11

Released on2022/11/08

Related note 3218159

CVSS 6.1

Affected system type SAP UI5 SAP Fiori

Patchday2022-11

Released on2022/11/08

Related note 3237251

CVSS 5.5

Affected system type SAP GUI / Frontend

Patchday2022-11

Released on2022/11/08

Related note 3260708

CVSS 6.5

Affected system type SAP Financial Consolidation

Patchday2022-11

Released on2022/11/08

Related note 3249990

CVSS 7.5

Affected system type ABAP, Java

Patchday2022-11

Released on2022/11/08

Related note 3256571

CVSS 8.7

Affected system type ABAP

Patchday2022-11

Released on2022/11/08

Related note 3263436

CVSS 7.0

Affected system type SAP 3D Visual Enterprise

Patchday2022-11

Released on2022/11/08

Related note 3243924

CVSS 9.9

Affected system type BI/BO platform

Exploit available

Patchday2022-11

Released on2022/11/08

_{Related note}
3251202

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3229987

_CVSS
6.5

_{Affected system
type}
Sybase platform

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3238042

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3218159

_CVSS
6.1

_{Affected system
type}
SAP UI5 SAP Fiori

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3237251

_CVSS
5.5

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3260708

_CVSS
6.5

_{Affected system
type}
SAP Financial Consolidation

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3249990

_CVSS
7.5

_{Affected system
type}
ABAP, Java

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3256571

_CVSS
8.7

_{Affected system
type}
ABAP

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3263436

_CVSS
7.0

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2022-11

_{Released
on}
2022/11/08

_{Related note}
3243924

_CVSS
9.9

_{Affected system
type}
BI/BO platform

_Patchday
2022-11

_{Released
on}
2022/11/08