SAP Security Patch Day – June 2022
SAP clients should monitor the release of SAP security updates, which have been published on 14th June 2022. This month’s release counts 12 security patches. This includes two notes that have been updated.
SAP Security Patches June 2022
We are committed to helping our customers become proactive. In terms of security updates, this means establishing an effective process for emergency fixes, but also knowing when such an update has been released. In addition, we recommend taking other measures that limit the impact of a missing fix.
In June, SAP released an update for a Security Note in April 2018. The Note has a CVSS Score of 10 and should be implemented immediately if you use the SAP Business Client in version 6.5.
Also noteworthy is that the SAProuter possibly has an improper Access Control. As described in Note 3158375, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform, from a remote client, for example, stopping the SAProuter, which could highly impact systems availability, depending on the configuration of the route permission table in file “saprouttab”. For security reasons, SAP generally recommends avoiding wildcards (*) for the target host and the target port in “P” and “S” entries in the route permission table.
Summary by Severity
The June release contains a total of 12 patches for the following severities: