SAP Security Patch Day for December 2022

On 13th of December2022, SAP Security Patch Day saw the release of 14new Patch Day Security Notes. Further, there were 5updates to previously released Patch Day Security.

HotNews
Note# Title CVSS CVE
2622660 Security updates for the browser control Google Chromium delivered with SAP Business Client 10
3239475 Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform 9,9 [CVE-2022-41267]
3273480 Improper access control in SAP NetWeaver Process Integration (User Defined Search) 9,9 [CVE-2022-41272]
3271523 Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce 9,8
3267780 Improper access control in SAP NetWeaver Process Integration (Messaging System) 9,4 [CVE-2022-41271]
High
3268172 Code Injection vulnerability in SAP BASIS 8,8 [CVE-2022-41264]
3271091 Privilege escalation vulnerability in SAP Business Planning and Consolidation 8,5 [CVE-2022-41268]
3229132 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) 8,2 [CVE-2022-39013]
3248255 Cross-Site Scripting (XSS) vulnerability in SAP Commerce 8 [CVE-2022-41266]

 

Leave a Reply


6 − two =

Blogroll