We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 11 and the highest
CVSS
score is 9.8.
Severity
SAP© Security advisories 11
System Types
Affected SAP© system types
3189409
CVSS
9.8
Affected system type
SAP Business One Cloud
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud
3145046
CVSS
8.3
Affected system type
Kernel
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)
2998510
CVSS
7.8
Affected system type
BI/BO platform
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update
3165801
CVSS
6.5
Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
3164677
CVSS
6.5
Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)
2756188
CVSS
6.3
Affected system type
UI5
Patchday
2022-05
Released on
2022/05/10
Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end
2754555
CVSS
6.3
Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10
Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end
3146336
CVSS
5.4
Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP
3158188
CVSS
5.3
Affected system type
SAP Host Agent
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile
3145702
CVSS
5.3
Affected system type
SAP Host Agent Kernel
Patchday
2022-05
Released on
2022/05/10
Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform
3143161
CVSS
4.3
Affected system type
ABAP
Patchday
2022-05
Released on
2022/05/10
Description
Missing Authorization check for UI5 flexibility key user functionality