On 11 January, SAP released a security update comprising 9 new patches, 1 of which is critical.

CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.

Full list of patches:

Note# Title Priority CVSS
3131047 [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component

Consolidated Security Note list  (Product: Security Note #)
SAP Customer Checkout: 3133772
SAP BTP Cloud Foundry: 3130578
SAP Landscape Management: 3132198
SAP Connected Health Platform 2.0 – Fhirserver: 3131824
SAP HANA XS Advanced Cockpit: 3134531 (includes fix provided in 3131397, 3132822)
SAP NetWeaver Process Integration (Java Web Service Adapter): 3135581 (includes fix provided in 3132204, 3130521, 3133005)
SAP HANA XS Advanced : 3131258
Internet of Things Edge Platform : 3132922
SAP BTP Kyma : 3132744
SAP Enable Now Manager : 3132964
SAP Cloud for Customer (add-in for Lotus notes client) : 3132074
SAP Localization Hub, digital compliance service for India : 3132177
SAP Edge Services On Premise Edition : 3132909
SAP Edge Services Cloud Edition : 3132515
SAP BTP API Management (Tenant Cloning Tool) : 3132162
SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) : 3131691
SAP Digital Manufacturing Cloud for Edge Computing : 3136094
SAP Enterprise Continuous Testing by Tricentis :  3134139
SAP Cloud-to-Cloud Interoperability : 3132058
Reference Template for enabling ingestion and persistence of time series data in Azure : 3136988
SAP Business One : 3131740

Hot News 10
3112928 [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA
Additional CVE – CVE-2022-22530
Product – SAP S/4HANA, Versions – 100, 101, 102, 103, 104, 105, 106
High 8.7
3123196 Update to Security Note released on December 2021 Patch Day:
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP
Product – SAP NetWeaver AS ABAP, Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756
High 8.4
3101299 [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One
Product – SAP Business One, Version – 10
Medium 6.6
3106528 [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One
Product – SAP Business One, Version – 10
Medium 6.5
3124597 [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection
Product – SAP Enterprise Threat Detection, Version – 2.0
Medium 6.1
3112710 [CVE-2022-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Product – SAP NetWeaver AS for ABAP and ABAP Platform, Versions – 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786
Medium 4.3
3121165 Update to Security Note released on December 2021 Patch Day:
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
CVEs – CVE-2021-42068, CVE-2021-42070, CVE-2021-42069, CVE-2021-42069
Product – SAP 3D Visual Enterprise Viewer, Version – 9
Medium 4.3
3080816 Update to Security Note released on December 2021 Patch Day:
[CVE-2021-44233] Missing Authorization check in GRC Access Control
Product – SAP GRC Access Control, Versions – V1100_700, V1100_731, V1200_750
Low 2.4