SAP News Overview for February 2022 - Safe O'Clock

SAP News Overview for February 2022

March 3, 2022

SAP and Arvato Systems collaboration

SAP and Arvato Systems plan to invest in a sovereign cloud platform for the German administration. The new cloud offering must meet specific national requirements as part of the German cloud strategy, the two companies say. Under the new proposal, there will be no dependence on networks outside of Germany – both data processing and data storage, as well as the operation of all services, take place in the Federal Republic. There is also a complete separation from Microsoft’s global data centers and the existing public cloud infrastructure in Germany.

The technical offering is based on the proven Microsoft Azure cloud platform and can provide both Microsoft services and SAP enterprise solutions and applications.

SAP releases February 2022 security updates

On February 8th, SAP released 19 security updates, including 14 new fixes. Three of the vulnerabilities related to log4j and had a CVSS of 10 – note# 3142773, note #3130920, note #3139893. 

CVE-2022-22536 is a memory pipes (MPI) desynchronization vulnerability that received the highest CVSS score of 10.0. The flaw gives the attacker the opportunity to impersonate the victim. The exploitation of CVE-2022-22536 uses an un-auth HTTP request smuggling bug that can be used to steal SAP session data and credentials.

Another important vulnerability with 9,1 score CVSS is CVE-2022-22544 – Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools. A threat actor could use the flaw to control managed systems, and execute commands leading to sensitive information disclosure, loss of system integrity and denial-of-service.

CVE-2022-22532 is a HTTP request smuggling vulnerability according to SAP in the ICM component. However, Onapsis lists it as a use after free vulnerability. This vulnerability only exists in SAP NetWeaver Java systems. It received a CVSSv3 score of 8.1 and does not require authentication or user interaction to exploit.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – December 2024

On the 10th of December 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP Security Notes – November 2024

On the 12th of November 2024, SAP Security Patch Day saw the release of 8 new Security Notes. There were […]

Read more
SAP Security Notes – October 2024

On the 8th of October 2024, SAP Security Patch Day saw the release of 6 new Security Notes. There were […]

Read more
SAP Security Notes – September 2024

On the 10th of September 2024, SAP Security Patch Day saw the release of 16 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK