We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 17 and the highest CVSS score is 10.0.

 


 

3142773
CVSS
10.0

Affected system type SAP Commerce
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce
3130920
CVSS
10.0

Affected system type SAP Data Intelligence
Patchday 2022-02
Released on 2022/01/18
Description Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)
3123396
CVSS
10.0

Affected system type Kernel
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
3139893
CVSS
10.0

Affected system type None
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management
3140940
CVSS
9.1

Affected system type Java
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools
3123427
CVSS
8.1

Affected system type Kernel
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java
3140587
CVSS
7.1

Affected system type ABAP
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server)
3142092
CVSS
6.5

Affected system type ABAP
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)
3126489
CVSS
6.5

Affected system type ABAP
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22535] Missing Authorization check in SAP ERP HCM
2531036
CVSS
6.3

Affected system type ABAP
Patchday 2022-02
Released on 2019/04/09
Description Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS)
3140564
CVSS
5.6

Affected system type SAP Adaptive Server...
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise
3126748
CVSS
5.4

Affected system type BI/BO platform
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad)
3128473
CVSS
4.9

Affected system type ABAP
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
3124994
CVSS
4.7

Affected system type ABAP
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver
3134684
CVSS
4.3

Affected system type SAP 3D Visual Enterprise
Patchday 2022-02
Released on 2022/02/08
Description [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
3107196
CVSS
4.3

Affected system type ABAP
Patchday 2022-02
Released on 2022/01/25
Description Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP
3116223
CVSS
3.7

Affected system type Kernel
Patchday 2022-02
Released on 2022/02/08
Description [CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)