SAP News Overview for February 2022 - Collaboration with Arvato Systems, Security updates - Safe O'Clock

SAP News Overview for February 2022 – Collaboration with Arvato Systems, Security updates

March 3, 2022

SAP and Arvato Systems collaboration

SAP and Arvato Systems plan to invest in a sovereign cloud platform for the German administration. The new cloud offering must meet specific national requirements as part of the German cloud strategy, the two companies say. Under the new proposal, there will be no dependence on networks outside of Germany – both data processing and data storage, as well as the operation of all services, take place in the Federal Republic. There is also a complete separation from Microsoft’s global data centers and the existing public cloud infrastructure in Germany.

The technical offering is based on the proven Microsoft Azure cloud platform and can provide both Microsoft services and SAP enterprise solutions and applications.

SAP releases February 2022 security updates

On February 8th, SAP released 19 security updates, including 14 new fixes. Three of the vulnerabilities related to log4j and had a CVSS of 10 – note# 3142773, note #3130920, note #3139893. 

CVE-2022-22536 is a memory pipes (MPI) desynchronization vulnerability that received the highest CVSS score of 10.0. The flaw gives the attacker the opportunity to impersonate the victim. The exploitation of CVE-2022-22536 uses an un-auth HTTP request smuggling bug that can be used to steal SAP session data and credentials.

Another important vulnerability with 9,1 score CVSS is CVE-2022-22544 – Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools. A threat actor could use the flaw to control managed systems, and execute commands leading to sensitive information disclosure, loss of system integrity and denial-of-service.

CVE-2022-22532 is a HTTP request smuggling vulnerability according to SAP in the ICM component. However, Onapsis lists it as a use after free vulnerability. This vulnerability only exists in SAP NetWeaver Java systems. It received a CVSSv3 score of 8.1 and does not require authentication or user interaction to exploit.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more