On 13th of December2022, SAP Security Patch Day saw the release of 14new Patch Day Security Notes. Further, there were 5updates to previously released Patch Day Security.
| HotNews | |||
| Note# | Title | CVSS | CVE |
| 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | |
| 3239475 | Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform | 9,9 | [CVE-2022-41267] |
| 3273480 | Improper access control in SAP NetWeaver Process Integration (User Defined Search) | 9,9 | [CVE-2022-41272] |
| 3271523 | Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce | 9,8 | |
| 3267780 | Improper access control in SAP NetWeaver Process Integration (Messaging System) | 9,4 | [CVE-2022-41271] |
| High | |||
| 3268172 | Code Injection vulnerability in SAP BASIS | 8,8 | [CVE-2022-41264] |
| 3271091 | Privilege escalation vulnerability in SAP Business Planning and Consolidation | 8,5 | [CVE-2022-41268] |
| 3229132 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) | 8,2 | [CVE-2022-39013] |
| 3248255 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce | 8 | [CVE-2022-41266] |
