We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 14 and the highest CVSS score is 9.9.

 


 

3273480
CVSS
9.9

Affected system type Java
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)
3239475
CVSS
9.9

Affected system type BI/BO platform
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform
3271523
CVSS
9.8

Affected system type SAP Commerce
Patchday 2022-12
Released on 2022/12/13
Description Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce
3267780
CVSS
9.4

Affected system type Java
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)
3268172
CVSS
8.8

Affected system type ABAP
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41264] Code Injection vulnerability in SAP BASIS
3271091
CVSS
8.5

Affected system type ABAP
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation
3248255
CVSS
8.0

Affected system type SAP Commerce
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce
3266846
CVSS
6.5

Affected system type SAP Disclosure Management
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management
3271313
CVSS
6.1

Affected system type ABAP
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41275] Open Redirect in SAP Solution Manager (Enterprise Search)
3258950
CVSS
6.1

Affected system type ABAP
Patchday 2022-12
Released on 2022/12/13
Description Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)
3262544
CVSS
6.1

Affected system type Java
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)
3265173
CVSS
6.0

Affected system type Java
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)
3249648
CVSS
4.3

Affected system type BI/BO platform
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)
3270399
CVSS
4.3

Affected system type Java
Patchday 2022-12
Released on 2022/12/13
Description [CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management