SAP releases March 2022 security updates
On March 8, SAP released 17 security updates, including four HotNews Notes and one High Priority Note. Most of the critical fixes are still Log4j fixes.
SAP Security Note #3154684, which received the highest CVSS score of 10.0, is one of these Log4j fixes. It affects on-premise versions of SAP Work Manager and SAP Inventory that run on the SAP Mobile platform.
HotNews Note #3131047 is the central SAP Security Note for the Log4j vulnerability and was updated with information about the new note #3154684.
SAP Security Note #3145987 fixes a missing authentication vulnerability in the SAP Simple Diagnostics agent. CVE-2022-24396, with a CVSS score of 9.3, could allow an attacker to gain access to administrative or other privileged functions, or to read, modify, or delete sensitive information and configurations.
To patch the vulnerability, SAP customers need to update both the SAP Simple Diagnostics Agent and the SAP Host Agent.
SAP leaves Russian market
SAP responded publicly with a March 2 blog post by CEO Christian Klein titled “Standing in Solidarity”. The company says it has stopped business in Russia in line with global sanctions and is suspending all sales of SAP services and products in the country.
According to SAP representatives, this measure will not prevent Russian users from continuing to use the company’s products, since keeping previously installed software running does not require external support.