SAP releases July 2022 security updates
On 12th of July 2022, SAP released 20 new and 3 updated Security Notes. There are no hot news notes this month, but there are four high priority notes: one of which affects SAP BusinessObjects and three of which affect Business One.
The most severe of these issues is CVE-2022-35228 (CVSS Score 8.3), an information disclosure vulnerability in the BusinessObjects Business Intelligence Platform Central Management Console. The vulnerability allows an unauthenticated attacker to obtain information about tokens over a network that would otherwise be limited. Fortunately, such an attack would also require a legitimate user to access the application. With successful exploitation, an attacker can completely compromise the application.
The first of the high-severity CVSS 7.6 bugs affecting Business One is an information disclosure flaw (CVE-2022-32249), which allows a privileged attacker to gain access to sensitive information that could be used in subsequent attacks, such as login credentials. data.
The second issue in Business One is a missing authorization check (CVE-2022-28771), which allows an unauthenticated attacker to compromise an application using malicious HTTP requests sent over the network.
The third bug in Business One is a code injection vulnerability (CVE-2022-31593) that allows a low-privileged attacker to control the behavior of an application. All other vulnerabilities are classified as medium or low.
SAP Acquires Askdata
SAP announced that it has acquired Askdata, a startup focused on search-driven analytics.
With the acquisition of Askdata, SAP is strengthening its AI-powered natural language search capabilities. The Askdata IP address will become part of the SAP Business Technology Platform and will contribute to a next-generation lightweight analytics experience for SAP Analytics cloud and business application customers.
Irfan Khan, President and Chief Product Officer of SAP HANA Database & Analytics, stated: “The ability to cater to a wide range of user profiles will be the primary driver of data and analytics adoption. Askdata provides SAP with a path to lead this transition to the benefit of our customers.”