On October 11, 2022, SAP published 23 new and updated security notes that address vulnerabilities in multiple products.

| SAP Note | Type | Description | Priority | Criticality |
|---|---|---|---|---|
| 2495712 | New | Missing authorization check in SAP Automotive Solutions IS-A | Medium | 6.5 |
| 3239293 | New | [CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools/Query Builder) BI-BIP-ADM | High | 7.7 |
| 3229425 | New | [CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP BI-RA-AWB | Medium | 5.4 |
| 3229132 | New | [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) BI-BIP-ADM | High | 8.2 |
| 3211161 | New | [CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) BI-BIP-INV | Medium | 6.1 |
| 3248970 | New | [CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) CEC-PRO-GIY | Medium | 4.9 |
| 3248384 | New | [CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) CEC-PRO-GIY | Medium | 4.9 |
| 3245929 | New | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author CA-VE-VEA | High | 7.0 |
| 3245928 | New | [Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer CA-VE-VEV | High | 7.0 |
| 3242933 | New | [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution MFG-ME | Critical | 9.9 |
| 3202523 | New | Cross-Site Scripting (XSS) vulnerability in SAP Commerce CEC-COM-CPS | Medium | 6.1 |
| 3049899 | New | [CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now KM-SEN-MGR | Medium | 6.5 |
| 3167342 | New | [CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console EIM-DS-SVR | Medium | 4.8 |
| 3239152 | New | [CVE-2022-41204] Account hijacking through URL Redirection vulnerability in SAP Commerce login form CEC-COM-CPS | Critical | 9.6 |
| 3234755 | New | Information Disclosure vulnerability in Master Data Governance CA-MDG-APP-CUS | Medium | 4.3 |
| 3233226 | New | [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) BI-BIP-LCM | Medium | 6.8 |
| 3232021 | New | [CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ BC-SYB-SQA | High | 8.1 |
| 3150454 | Update | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform BC-MID-RFC | Medium | 4.9 |
| 2726124 | Update | Missing Authorization Check in multiple components under SAP Automotive Solutions IS-A | Medium | 6.3 |
| 2460948 | Update | Missing Authorization Check in Vehicle Management System IS-A-VMS | Medium | 5.3 |
| 2634023 | Update | Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN QM-QN | Medium | 6.3 |
| 3213524 | Update | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) BI-BIP-CMC | Medium | 6.0 |
| 3213507 | Update | [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) BI-BIP-ADM | High | 8.2 |

Source:

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10