Firma SAP publikuje aktualizacje bezpieczeństwa 10/2022

cert.pse-online.pl 2 lat temu

11 października 2022 r. firma SAP opublikowała 23 nowe i zaktualizowane zalecenia dotyczące bezpieczeństwa, które usuwają luki w wielu produktach.

SAP Nota	Typ	Opis	Priorytet	Krytyczność
2495712	Nowa	Missing authorization check in SAP Automotive Solutions IS-A	Średnia	6,5
3239293	Nowa	[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder) BI-BIP-ADM	Wysoka	7,7
3229425	Nowa	[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP BI-RA-AWB	Średnia	5,4
3229132	Nowa	[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) BI-BIP-ADM	Wysoka	8,2
3211161	Nowa	[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) BI-BIP-INV	Średnia	6,1
3248970	Nowa	[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) CEC-PRO-GIY	Średnia	4,9
3248384	Nowa	[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya) CEC-PRO-GIY	Średnia	4,9
3245929	Nowa	[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author CA-VE-VEA	Wysoka	7,0
3245928	Nowa	[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer CA-VE-VEV	Wysoka	7,0
3242933	Nowa	[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution MFG-ME	Krytyczna	9,9
3202523	Nowa	Cross-Site Scripting (XSS) vulnerability in SAP Commerce CEC-COM-CPS	Średnia	6,1
3049899	Nowa	[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now KM-SEN-MGR	Średnia	6,5
3167342	Nowa	[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console EIM-DS-SVR	Średnia	4,8
3239152	Nowa	[CVE-2022-41204] Account hijacking through URL Redirection vulnerability in SAP Commerce login form CEC-COM-CPS	Krytyczna	9,6
3234755	Nowa	Information Disclosure vulnerability in Master Data Governance CA-MDG-APP-CUS	Średnia	4,3
3233226	Nowa	[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) BI-BIP-LCM	Średnia	6,8
3232021	Nowa	[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ BC-SYB-SQA	Wysoka	8,1
3150454	Aktualizacja	Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform BC-MID-RFC	Średnia	4,9
2726124	Aktualizacja	Missing Authorization Check in multiple components under SAP Automotive Solutions IS-A	Średnia	6,3
2460948	Aktualizacja	Missing Authorization Check in Vehicle Management System IS-A-VMS	Średnia	5,3
2634023	Aktualizacja	Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN QM-QN	Średnia	6,3
3213524	Aktualizacja	[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) BI-BIP-CMC	Średnia	6,0
3213507	Aktualizacja	[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) BI-BIP-ADM	Wysoka	8,2