SAP© Security Advisories - 12 2022 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

_{Related note}
3248255

_CVSS
8.0

_{Affected system
type}
SAP Commerce

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Security Advisory

_{Related note}
3271313

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)

Security Advisory

_{Related note}
3271523

_CVSS
9.8

_{Affected system
type}
SAP Commerce

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Security Advisory

_{Related note}
3249648

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Security Advisory

_{Related note}
3239475

_CVSS
9.9

_{Affected system
type}
BI/BO platform

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3270399

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Security Advisory

_{Related note}
3266846

_CVSS
6.5

_{Affected system
type}
SAP Disclosure Management

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Security Advisory

_{Related note}
3262544

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Security Advisory

_{Related note}
3258950

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Security Advisory

_{Related note}
3268172

_CVSS
8.8

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Security Advisory

_{Related note}
3265173

_CVSS
6.0

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Security Advisory

_{Related note}
3267780

_CVSS
9.4

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Security Advisory

_{Related note}
3271091

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Security Advisory

_{Related note}
3273480

_CVSS
9.9

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

Security Advisory

Notifications

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

Related note 3248255

CVSS 8.0

Affected system type SAP Commerce

Patchday2022-12

Released on2022/12/13

Related note 3271313

CVSS 6.1

Affected system type ABAP

Patchday2022-12

Released on2022/12/13

Related note 3271523

CVSS 9.8

Affected system type SAP Commerce

Patchday2022-12

Released on2022/12/13

Related note 3249648

CVSS 4.3

Affected system type BI/BO platform

Patchday2022-12

Released on2022/12/13

Related note 3239475

CVSS 9.9

Affected system type BI/BO platform

Patchday2022-12

Released on2022/12/13

Related note 3270399

CVSS 4.3

Affected system type Java

Patchday2022-12

Released on2022/12/13

Related note 3266846

CVSS 6.5

Affected system type SAP Disclosure Management

Patchday2022-12

Released on2022/12/13

Related note 3262544

CVSS 6.1

Affected system type Java

Patchday2022-12

Released on2022/12/13

Related note 3258950

CVSS 6.1

Affected system type ABAP

Patchday2022-12

Released on2022/12/13

Related note 3268172

CVSS 8.8

Affected system type ABAP

Patchday2022-12

Released on2022/12/13

Related note 3265173

CVSS 6.0

Affected system type Java

Patchday2022-12

Released on2022/12/13

Related note 3267780

CVSS 9.4

Affected system type Java

Patchday2022-12

Released on2022/12/13

Related note 3271091

CVSS 8.5

Affected system type ABAP

Patchday2022-12

Released on2022/12/13

Related note 3273480

CVSS 9.9

Affected system type Java

Patchday2022-12

Released on2022/12/13

_{Related note}
3248255

_CVSS
8.0

_{Affected system
type}
SAP Commerce

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3271313

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3271523

_CVSS
9.8

_{Affected system
type}
SAP Commerce

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3249648

_CVSS
4.3

_{Affected system
type}
BI/BO platform

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3239475

_CVSS
9.9

_{Affected system
type}
BI/BO platform

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3270399

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3266846

_CVSS
6.5

_{Affected system
type}
SAP Disclosure Management

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3262544

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3258950

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3268172

_CVSS
8.8

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3265173

_CVSS
6.0

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3267780

_CVSS
9.4

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3271091

_CVSS
8.5

_{Affected system
type}
ABAP

_Patchday
2022-12

_{Released
on}
2022/12/13

_{Related note}
3273480

_CVSS
9.9

_{Affected system
type}
Java

_Patchday
2022-12

_{Released
on}
2022/12/13