On March 8, SAP released a security update that includes 12 new patches, 4 of which are critical.
Full list of patches:
| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher. Product – SAP Web Dispatcher, Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87; Product – SAP Content Server, Version - 7.53; Product – SAP NetWeaver and ABAP Platform, Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Hot News | 10 |
| 3131047 | Update to Security Note released on December 2021 Patch Day: [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Hot News | 10 |
| 3154684 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager. Additional CVE - CVE-2021-45046, CVE-2021-45105, CVE-2021-44832. Product – SAP Work Manager, Versions 6.4, 6.5, 6.6; Product – SAP Inventory Manager, Versions 4.3, 4.4 | Hot News | 10 |
| 3145987 | [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0). Product – Simple Diagnostics Agent | Hot News | 9.3 |
| 3149805 | [CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad. Product – Fiori Launchpad, Versions 754, 755, 756 | High | 8.2 |
| 1753378 | Update to Security Note released on August 2013 Patch Day: Directory traversal in Web Container. Product – SAP-JEE, Version 6.40; Product – SAP-JEECOR, Versions 6.40, 7.00, 7.01; Product – SERVERCORE, Versions 7.10, 7.11, 7.20, 7.30, 7.31 | Medium | 5.3 |
| 3142092 | Update to Security Note released on February 2022 Patch Day: [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer). Product – SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), Versions - 104, 105, 106 | Medium | 6.5 |
| 3146261 | [CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. Product – SAP NetWeaver Enterprise Portal, Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
| 3146260 | [CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. Product – SAP NetWeaver Enterprise Portal, Versions 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
| 3144941 | [CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation. Product – SAP Financial Consolidation, Version 10.1 | Medium | 5.4 |
| 3145997 | [CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP. Product – SAP NetWeaver Application Server for ABAP, Versions 700, 701, 702, 731 | Medium | 5.4 |
| 3147283 | [CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring). Product – SAP Focused Run, Versions 200, 300 | Medium | 5.4 |
| 3147102 | [CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0). Product – Simple Diagnostics Agent, Versions =>1.0, < 1.58 | Medium | 5.3 |
| 3103424 | [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform. Product – SAP Business Objects Business Intelligence Platform, Version 420, 430 | Medium | 5.0 |
| 3111110 | [CVE-2022-26100] Denial of service (DOS) in SAPCAR. Product – SAPCAR, Version 7.22 | Medium | 4.8 |
| 3132360 | [CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver (Real Time Messaging Framework). Product – SAP NetWeaver AS JAVA (Portal Basis), Version 7.50 | Low | 3.7 |