On 11 January, SAP released a security update comprising 9 new patches, 1 of which is critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
| Note# | Title | Priority | CVSS | 
| 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component Consolidated Security Note list (Product: Security Note #) | Hot News | 10 | 
| 3112928 | [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA Additional CVE – CVE-2022-22530 Product – SAP S/4HANA, Versions – 100, 101, 102, 103, 104, 105, 106 | High | 8.7 | 
| 3123196 | Update to Security Note released on December 2021 Patch Day: [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP Product – SAP NetWeaver AS ABAP, Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | High | 8.4 | 
| 3101299 | [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One Product – SAP Business One, Version – 10 | Medium | 6.6 | 
| 3106528 | [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One Product – SAP Business One, Version – 10 | Medium | 6.5 | 
| 3124597 | [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection Product – SAP Enterprise Threat Detection, Version – 2.0 | Medium | 6.1 | 
| 3112710 | [CVE-2022-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Product – SAP NetWeaver AS for ABAP and ABAP Platform, Versions – 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786 | Medium | 4.3 | 
| 3121165 | Update to Security Note released on December 2021 Patch Day: [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer CVEs – CVE-2021-42068, CVE-2021-42070, CVE-2021-42069, CVE-2021-42069 Product – SAP 3D Visual Enterprise Viewer, Version – 9 | Medium | 4.3 | 
| 3080816 | Update to Security Note released on December 2021 Patch Day: [CVE-2021-44233] Missing Authorization check in GRC Access Control Product – SAP GRC Access Control, Versions – V1100_700, V1100_731, V1200_750 | Low | 2.4 | 
 
					 
+48 22242 1996
+48 571 207 996
cert@pse.pl
public key