Headline
CVE-2022-22533: SAP Security Patch Day - February 2022 - Product Security Response at SAP
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests that result in errors and consume the memory buffer. This could result in a system shutdown, rendering the system unavailable.
| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3123396 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher<br>Product - SAP Web Dispatcher, Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87<br>Product - SAP Content Server, Version - 7.53<br>Product - SAP NetWeaver and ABAP Platform, Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Hot News | 10 |
| 3142773 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce<br>Related CVEs - CVE-2021-45046, CVE-2021-45105, CVE-2021-44832<br>Product - SAP Commerce, Versions - 1905, 2005, 2105, 2011 | Hot News | 10 |
| 3130920 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)<br>Related CVEs - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105<br>Product - SAP Data Intelligence, Version - 3 | Hot News | 10 |
| 3139893 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management<br>Related CVEs - CVE-2021-44228, CVE-2021-45046<br>Product - SAP Dynamic Authorization Management, Version - 9.1.0.0, 2021.03 | Hot News | 10 |
| 3132922 | _Update to Security Note released in December 2021:_<br>[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform<br>Related CVEs - CVE-2021-45105, CVE-2021-45046, CVE-2021-44832<br>Product - Internet of Things Edge Platform, Version - 4.0 | Hot News | 10 |
| 3133772 | _Update to Security Note released in December 2021:_<br>[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout<br>Related CVEs - CVE-2021-45046, CVE-2021-45105<br>Product - SAP Customer Checkout, Version - 2 | Hot News | 10 |
| 3131047 | _Update to Security Note released in December 2021:_<br>[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Hot News | 10 |
| 2622660 | _Update to Security Note released on April 2018 Patch Day:_<br>Security updates for the browser control Google Chromium delivered with SAP Business Client<br>Product - SAP Business Client, Version - 6.5 | Hot News | 10 |
| 3140940 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools<br>Product - SAP Solution Manager (Diagnostics Root Cause Analysis Tools), Version - 720 | Hot News | 9.1 |
| 3112928 | _Update to Security Note released on January 2022 Patch Day:_<br>[CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA<br>Additional CVE - CVE-2022-22530<br>Product - SAP S/4HANA, Versions - 100, 101, 102, 103, 104, 105, 106 | High | 8.7 |
| 3123427 | [CVE-2022-22532] **HTTP Request Smuggling in SAP NetWeaver Application Server Java**<br>Product - SAP NetWeaver Application Server Java, Versions - KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53 | High | 8.1 |
| 3140587 | [CVE-2022-22540] **SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server)**<br>Product - SAP NetWeaver AS ABAP (Workplace Server), Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 | High | 7.1 |
| 3124994 | [CVE-2022-22534] **Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver**<br>Product - SAP NetWeaver (ABAP and Java application Servers), Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 | Medium | 4.7 |
| 3126489 | [CVE-2022-22535] **Missing Authorization check in SAP ERP HCM**<br>Product - SAP ERP HCM (Portugal), Versions - 600, 604, 608 | Medium | 6.5 |
| 3126748 | [CVE-2022-22546] **XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad)**<br>Product - SAP Business Objects Web Intelligence (BI Launchpad), Version - 420 | Medium | 5.4 |
| 3134684 | [Multiple CVEs] **Improper Input Validation in SAP 3D Visual Enterprise Viewer**<br>CVEs - CVE-2022-22537, CVE-2022-22539, CVE-2022-22538<br>Product - SAP 3D Visual Enterprise Viewer, Version - 9.0 | Medium | 4.3 |
| 3140564 | [CVE-2022-22528] **Information Disclosure in SAP Adaptive Server Enterprise**<br>Product - SAP Adaptive Server Enterprise, Version - 16.0 | Medium | 5.6 |
| 3142092 | [CVE-2022-22542] **Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)**<br>Product - SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), Versions - 104, 105, 106 | Medium | 6.5 |
| 3116223 | [CVE-2022-22543] **Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)**<br>Product - SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel), Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Low | 3.7 |