On 8 February, SAP released security updates that include 14 new patches, 9 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
| Note# | Title | Priority | CVSS |
|---|---|---|---|
| | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher; Product – SAP Web Dispatcher, Versions – 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87; Product – SAP Content Server, Version – 7.53; Product – SAP NetWeaver and ABAP Platform, Versions – KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Hot News | |
| | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce; Related CVEs – CVE-2021-45046, CVE-2021-45105, CVE-2021-44832; Product – SAP Commerce, Versions – 1905, 2005, 2105, 2011 | Hot News | |
| | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise); Related CVEs – CVE-2021-44228, CVE-2021-45046, CVE-2021-45105; Product – SAP Data Intelligence, Version – 3 | Hot News | |
| | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management; Related CVEs – CVE-2021-44228, CVE-2021-45046; Product – SAP Dynamic Authorization Management, Version – 9.1.0.0, 2021.03 | Hot News | |
| | Update to Security Note released in December 2021: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform; Related CVEs – CVE-2021-45105, CVE-2021-45046, CVE-2021-44832; Product – Internet of Things Edge Platform, Version – 4.0 | Hot News | |
| | Update to Security Note released in December 2021: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout; Related CVEs – CVE-2021-45046, CVE-2021-45105; Product – SAP Customer Checkout, Version – 2 | Hot News | |
| | Update to Security Note released in December 2021: [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Hot News | |
| | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client; Product – SAP Business Client, Version – 6.5 | Hot News | |
| | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools; Product – SAP Solution Manager (Diagnostics Root Cause Analysis Tools), Version – 720 | Hot News | |
| | Update to Security Note released on January 2022 Patch Day: [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA; Additional CVE – CVE-2022-22530; Product – SAP S/4HANA, Versions – 100, 101, 102, 103, 104, 105, 106 | High | |
| | [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java; Product – SAP NetWeaver Application Server Java, Versions – KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53 | High | |
| | [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server); Product – SAP NetWeaver AS ABAP (Workplace Server), Versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 | High | |
| | [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver; Product – SAP NetWeaver (ABAP and Java application Servers), Versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 | Medium | |
| | [CVE-2022-22535] Missing Authorization check in SAP ERP HCM; Product – SAP ERP HCM (Portugal), Versions – 600, 604, 608 | Medium | |
| | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad); Product – SAP Business Objects Web Intelligence (BI Launchpad), Version – 420 | Medium | |
| | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer; CVEs – CVE-2022-22537, CVE-2022-22539, CVE-2022-22538; Product – SAP 3D Visual Enterprise Viewer, Version – 9.0 | Medium | |
| | [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise; Product – SAP Adaptive Server Enterprise, Version – 16.0 | Medium | |
| | [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer); Product – SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), Versions – 104, 105, 106 | Medium | |
| | [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel); Product – SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel), Versions – KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Low | |