On March 8, SAP released a security update that includes 12 new patches, 4 of which are critical.

Full list of patches:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher<br>Product – SAP Web Dispatcher, Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87<br>Product – SAP Content Server, Version - 7.53<br>Product – SAP NetWeaver and ABAP Platform, Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Hot News | 10 |
| 3131047 | Update to Security Note released on December 2021 Patch Day:<br>[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Hot News | 10 |
| 3154684 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager<br>Additional CVE - CVE-2021-45046, CVE-2021-45105, CVE-2021-44832<br>Product – SAP Work Manager, Versions 6.4, 6.5, 6.6<br>Product – SAP Inventory Manager, Versions 4.3, 4.4 | Hot News | 10 |
| 3145987 | [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)<br>Product – Simple Diagnostics Agent | Hot News | 9.3 |
| 3149805 | [CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad<br>Product – Fiori Launchpad, Versions 754, 755, 756 | High | 8.2 |
| 1753378 | Update to Security Note released on August 2013 Patch Day:<br>Directory traversal in Web Container<br>Product – SAP-JEE, Version 6.40<br>Product – SAP-JEECOR, Versions 6.40, 7.00, 7.01<br>Product – SERVERCORE, Versions 7.10, 7.11, 7.20, 7.30, 7.31 | Medium | 5.3 |
| 3142092 | Update to Security Note released on February 2022 Patch Day:<br>[CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)<br>Product – SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), Versions - 104, 105, 106 | Medium | 6.5 |
| 3146261 | [CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal<br>Product – SAP NetWeaver Enterprise Portal, Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
| 3146260 | [CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal<br>Product – SAP NetWeaver Enterprise Portal, Versions 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
| 3144941 | [CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation<br>Product – SAP Financial Consolidation, Version 10.1 | Medium | 5.4 |
| 3145997 | [CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP<br>Product – SAP NetWeaver Application Server for ABAP, Versions 700, 701, 702, 731 | Medium | 5.4 |
| 3147283 | [CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)<br>Product – SAP Focused Run, Versions 200, 300 | Medium | 5.4 |
| 3147102 | [CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)<br>Product – Simple Diagnostics Agent, Versions >= 1.0, < 1.58 | Medium | 5.3 |
| 3103424 | [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform<br>Product – SAP Business Objects Business Intelligence Platform, Versions 420, 430 | Medium | 5.0 |
| 3111110 | [CVE-2022-26100] Denial of service (DOS) in SAPCAR<br>Product – SAPCAR, Version 7.22 | Medium | 4.8 |
| 3132360 | [CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver (Real Time Messaging Framework)<br>Product – SAP NetWeaver AS JAVA (Portal Basis), Version 7.50 | Low | 3.7 |