On 12 April 2022, SAP Security Patch Day saw the release of 22 new security notes. In addition, there were 10 updates to previously released Patch Day security notes.

| Link | Description | Severity | CVSS |
|---|---|---|---|
| 3055044 | [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje – SOAP Web services) | Medium | 5.4 |
| 3163583 | [CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | Medium | 6.1 |
| 3159091 | [CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) | Low | 2.7 |
| 3158613 | Update 1 to Security Note 3022622 – [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | Critical | 9.1 |
| 3155609 | Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce | High | 7.0 |
| 3130497 | [CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform. | High | 8.2 |
| 3111293 | [CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager) | Medium | 4.9 |
| 3111311 | [CVE-2022-28772] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager) | High | 7.5 |
| 3152442 | [CVE-2022-27669] Missing Authentication check in XML Data Archiving Service | Medium | 5.3 |
| 3150845 | [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | Medium | 4.3 |
| 3148377 | [CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC | Medium | 6.5 |
| 3148094 | [CVE-2022-27670] Denial of service (DOS) in SQL Anywhere | Medium | 6.5 |
| 3145769 | [CVE-2022-27667] Information Disclosure vulnerability in CMC | Medium | 5.3 |
| 3143437 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | Medium | 6.5 |
| 3138299 | [CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) | Medium | 4.1 |
| 3137191 | [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform | Medium | 6.8 |
| 3128473 | [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | Medium | 4.9 |
| 3022622 | [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence | Critical | 9.1 |
| 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | Critical | 10.0 |
| 3189428 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services | Critical | 9.8 |
| 3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | Critical | 9.8 |