Skip to content
Linkedin Twitter Facebook Xing
< Back to Overview

SAP Security Patch Day – June 2022

SAP security Patch day

SAP clients should monitor the release of SAP security updates, which have been published on 14th June 2022. This month’s release counts 12 security patches. This includes two notes that have been updated.

SAP Security Patches June 2022

We are committed to helping our customers become proactive. In terms of security updates, this means establishing an effective process for emergency fixes, but also knowing when such an update has been released. In addition, we recommend taking other measures that limit the impact of a missing fix.

Highlights

In June, SAP released an update for a Security Note in April 2018. The Note has a CVSS Score of 10 and should be implemented immediately if you use the SAP Business Client in version 6.5.

Also noteworthy is that the SAProuter possibly has an improper Access Control. As described in Note 3158375, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform, from a remote client, for example, stopping the SAProuter, which could highly impact systems availability, depending on the configuration of the route permission table in file “saprouttab”. For security reasons, SAP generally recommends avoiding wildcards (*) for the target host and the target port in “P” and “S” entries in the route permission table.

Use SecurityBridge Patch Management to never miss an important patch, applicable for your SAP products.

Request a Demo

Summary by Severity

The June release contains a total of 12 patches for the following severities:

Severity Number
Hot News
 1
High
 2
Medium
 7
Low
 2
Note Description Severity CVSS
2622660 Security updates for the browser control Google Chromium delivered with SAP Business Client
Priority: HotNews
Released on: 10.04.2018
Components: BC-FES-BUS-DSK
Category: Program error		 Hot News 10,0
3206271 [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Priority: Correction with medium priority
Released on: 14.06.2022
Components: CA-VE-VEV
Category: Program error		 Medium 6,5
3158815 [CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation
Priority: Correction with medium priority
Released on: 14.06.2022
Components: EPM-BFC-PRO
Category: Program error		 Medium 5,0
3158619 [CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CST-STS
Category: Program error		 Medium 4,9
3158375 [CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform
Priority: Correction with high priority
Released on: 14.06.2022
Components: BC-CST-NI
Category: Program error 		High 8,6
3155571 [CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)
Priority: Correction with low priority
Released on: 14.06.2022
Components: BC-DB-SYB
Category: Program error 		Low 3,2
3202846 [CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)
Priority: Correction with low priority
Released on: 14.06.2022
Components: BC-DWB-JAV-COR
Category: Program error		 Low 3,4
3197927 [CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CTS-DTR
Category: Program error		 Medium 6,1
3197005 [CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7
Priority: Correction with high priority
Released on: 14.06.2022
Components: BC-SYB-PD
Category: Program error		 High 7,8
3194674 [CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CST-STS
Category: Program error		 Medium 5,0
3165801 [CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Priority: Correction with medium priority
Released on: 10.05.2022
Components: BC-ABA-LI
Category: Program error		 Medium 6,5
3203065 [CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.
Priority: Correction with medium priority
Released on: 14.06.2022
Components: FI-LOC-FI-IL-AP
Category: Program error		 Medium 5,0

Posted by

Till Pleyer
Find recent Security Advisories for SAP©
View Advisory for May'22
whitepaper SAP Fiori
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.

Webcast – Protect your SAP from Ransomware Attacks

We cordially invite you to participate in our webcast on April 10th at 14:30 CET. This exclusive event is a joint initiative of SecurityBridge in cooperation with BowBridge and Log2 and will allow you to listen to exciting insights from top-class experts.
Learn more
Sales & Partner Manager APAC Singapore

Sales & Partner Manager – APAC Market (Singapore)

Careers
We are expanding our operation in the APAC region and are looking for an experienced Sales & Partner Manager to join our team in Singapore. The ideal candidate will have at least 5 years of experience in sales, with a focus on software sales, SAP security, or cybersecurity.
Pre-Sales Consultant APAC Singapore

Pre-Sales Consultant – APAC Singapore

Careers
As a Pre-Sales Consultant at SecurityBridge, you will be instrumental in our rapid expansion within the APAC region. You will directly contribute to the growth of our innovative SAP security solution, SecurityBridge.
SAP Security Patch Tuesday 2024

SAP Security Patch Day – April 2024

SAP Security Patch Day
For April 2024, 10 new Security Notes have been released and 2 have been updated. What stands out is that there are no ‘Hot News’ notes in this release. But let that not be a reason to ‘lower your guard’! We explore some interesting highlights below.