SAP Security Notes - August 2022 - Safe O'Clock
Book a Demo Partner with us
Book a Demo Partner with us
Back To Resources

SAP Security Notes – August 2022

August 10, 2022

In the August Patch Day, 5 new Patch Day Security Notes were added. Also, 2 previously released notes were updated. 

Notes by severity

HotNews — 1

Correction with high priority — 1

Correction with medium priority — 7

Correction with low priority — 0

Highlights

The most critical in this patch day was the standard note update with CVSS Score 10 2622660 “Security updates for the browser control Google Chromium delivered with SAP Business Client” with minor text changes in the ‘Symptom’ section and a change in note priority.

The next major note with CVSS Score 8.2 was 3210823 “[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)”. In addition to that, 2 more vulnerabilities were closed for SAP BusinessObjects 3213507 and 3213524 with SAP priority medium.

Summary

SAP Component Number Description Priority CVSS CVSS Vector
BC-FES-BUS-DSK 2622660 Security updates for the browser control Google Chromium delivered with SAP Business Client HotNews 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
BI-BIP-INV 3210823 [CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document) high 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
BC-MID-RFC 2245130 Potential bypass of unified connectivity runtime checks possible in BC-MID-RFC medium 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
BC-IAM-SSO-OTP 3216653 [CVE-2022-35290] Information Disclosure in SAP Authenticator for Android medium 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
BI-BIP-ADM 3213507 [CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) medium 5.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
BI-BIP-CMC 3213524 [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) medium 6.0 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
KM-SEN-MGR 3210566 [CVE-2022-35293] Missing authorization check in SAP Enable Now Manager medium 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
#sapsecurity #sapvulnerabilities #sapresearch
You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – December 2024

On the 10th of December 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP Security Notes – November 2024

On the 12th of November 2024, SAP Security Patch Day saw the release of 8 new Security Notes. There were […]

Read more
SAP Security Notes – October 2024

On the 8th of October 2024, SAP Security Patch Day saw the release of 6 new Security Notes. There were […]

Read more
SAP Security Notes – September 2024

On the 10th of September 2024, SAP Security Patch Day saw the release of 16 new Security Notes. There were […]

Read more
See All Resources

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK