SummarySAP released its February 2022 Security Updates addressing vulnerabilities in multiple products, including Content Server, NetWeaver, Business Client, S/4HANA, and Solution Manager. In total, there are 19 security patches, five of which update previous vulnerabilities. CVSS scores ranged from 3.7 to 10.0.
The following vulnerabilities are critical and new to this monthly update:
Fixes for the following additional high-severity vulnerabilities are included in this month’s release:
AnalysisAffected Versions These vulnerabilities affect versions of the following SAP products:
Please refer to the SAP advisory page for further details.
Potential Impact Successful exploitation of these vulnerabilities could allow attackers to gain access to affected systems, allowing for theft of sensitive data, financial fraud, elevation of privileges, denial-of-service (DoS) conditions, cross-site scripting, data exfiltration, remote code execution, and halt of all operations.
RecommendationsSAP has released software updates which address these vulnerabilities.
Recommends clients apply software updates as soon as possible after appropriate evaluation and testing have been completed. Referenceshttps://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 |
No comments:
Post a Comment