Back To Resources

SAP Security Notes – August 2022

August 10, 2022

In the August Patch Day, 5 new Patch Day Security Notes were added. Also, 2 previously released notes were updated.

Notes by severity

HotNews — 1

Correction with high priority — 1

Correction with medium priority — 7

Correction with low priority — 0

Highlights

The most critical in this patch day was the standard note update with CVSS Score 10 2622660 “Security updates for the browser control Google Chromium delivered with SAP Business Client” with minor text changes in the ‘Symptom’ section and a change in note priority.

The next major note with CVSS Score 8.2 was 3210823 “[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)”. In addition to that, 2 more vulnerabilities were closed for SAP BusinessObjects 3213507 and 3213524 with SAP priority medium.

Summary

SAP Component	Number	Title	CVSS Score	Priority	CVSS Vector
BC-FES-BUS-DSK	2622660	Security updates for the browser control Google Chromium delivered with SAP Business Client	10	HotNews	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
BI-BIP-INV	3210823	[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)	8.2	Correction with high priority	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
BC-MID-RFC	2245130	Potential bypass of unified connectivity runtime checks possible in BC-MID-RFC	6.3	Correction with medium priority	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
BC-IAM-SSO-OTP	3216653	[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android	5.3	Correction with medium priority	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
BI-BIP-ADM	3213507	[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)	5.2	Correction with high priority	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
BI-BIP-CMC	3213524	[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)	6	Correction with medium priority	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
KM-SEN-MGR	3210566	[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager	4.2	Correction with medium priority	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

#sapsecurity #sapvulnerabilities #sapresearch

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

See All Resources

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy