On 10 May 2022, SAP Security Patch Day saw the release of 8 new Security Notes. In addition, there were 4 updates to previously released Patch Day Security Notes.
Link | Description | CVSS |
3170990 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework; Priority: Critical; Component: XX-SER-SN; Category: Program error | 9.8 |
2998510 | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update; Priority: Correction with high priority; Component: BI-BIP-INS; Category: Program error | 7.8 |
2756188 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end; Priority: Correction with medium priority; Component: FI-FIO-AP; Category: Program error | 6.3 |
2754555 | Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end; Priority: Correction with medium priority; Component: FI-FIO-AP; Category: Program error | 6.3 |
3165801 | [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform; Priority: Correction with medium priority; Component: BC-ABA-LI; Category: Program error | 6.5 |
3164677 | [CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request); Priority: Correction with medium priority; Component: PA-FIO-LEA; Category: Program error | 6.5 |
3158188 | [CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile; Priority: Correction with medium priority; Component: BC-CCM-HAG; Category: Program error | 5.3 |
3189409 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud; Priority: Critical; Component: SBO-CRO-SEC; Category: Program error | 9.8 |
3146336 | [CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP; Priority: Correction with medium priority; Component: CA-UI2-THD; Category: Program error | 5.4 |
3145702 | [CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform; Priority: Correction with medium priority; Component: BC-CST-MS; Category: Program error | 5.3 |
3145046 | [CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM); Priority: Correction with high priority; Component: BC-CST-WDP; Category: Program error | 8.3 |
3143161 | Missing Authorization check for UI5 flexibility key user functionality; Priority: Correction with medium priority; Component: CA-UI5-FL-LRP; Category: Program error | 4.3 |
3165333 | [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform; Priority: Correction with medium priority; Component: BC-MID-ICF; Category: Program error | 4.7 |
3171258 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce; Priority: HotNews; Component: CEC-COM-CPS-WEB; Category: Program error | 9.8 |
3189635 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics; Priority: Critical; Component: IS-T-MA; Category: Program error | 9.8 |