SAP Security Notes - 01/22 - SecurityBridge Cloud

.no-js-class { display: none; } body { background-color: #fff; }

No JavaScript!

It seems your browser does not support JavaScript or it was disable by purpose! We use JavaScript to improve the user experience. Please consider enabling it for a better usability.

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

×

Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

3132058

CVSS

10.0

Affected system type SAP IoT

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Security Advisory

3136988

CVSS

10.0

Affected system type SAP IoT

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure

Security Advisory

3136094

CVSS

10.0

Affected system type SAP Digital...

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing

Security Advisory

3134139

CVSS

10.0

Affected system type SAP Enterprise...

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis

Security Advisory

3132177

CVSS

10.0

Affected system type SAP Localization Hub

Patchday 2022-01

Released on 2021/12/22

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India

Security Advisory

3132515

CVSS

10.0

Affected system type SAP Edge Services

Patchday 2022-01

Released on 2021/12/30

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition

Security Advisory

3131740

CVSS

9.8

Affected system type SAP Business One

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One

Security Advisory

3112928

CVSS

8.7

Affected system type ABAP

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA

Security Advisory

3134531

CVSS

7.5

Affected system type SAP HANA Platform

Patchday 2022-01

Released on 2021/12/24

Description [CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit

Security Advisory

3135581

CVSS

6.6

Affected system type Java

Patchday 2022-01

Released on 2022/01/11

Description Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Security Advisory

3101299

CVSS

6.6

Affected system type SAP Business One

Patchday 2022-01

Released on 2021/12/14

Description [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One

Security Advisory

3106528

CVSS

6.5

Affected system type SAP Business One

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One

Security Advisory

3124597

CVSS

6.1

Affected system type SAP Enterprise Threat...

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection

Security Advisory

3131691

CVSS

5.5

Affected system type Adobe LiveCycle Designer

Patchday 2022-01

Released on 2021/12/30

Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

Security Advisory

3133005

CVSS

5.3

Affected system type Java

Patchday 2022-01

Released on 2021/12/28

Description Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Security Advisory

3112710

CVSS

4.3

Affected system type ABAP

Patchday 2022-01

Released on 2022/01/11

Description [CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory