Skip to content
Linkedin Twitter Facebook Xing
< Back to Overview

SAP Security Patch Day – June 2022

SAP security Patch day

SAP clients should monitor the release of SAP security updates, which have been published on 14th June 2022. This month’s release counts 12 security patches. This includes two notes that have been updated.

SAP Security Patches June 2022

We are committed to helping our customers become proactive. In terms of security updates, this means establishing an effective process for emergency fixes, but also knowing when such an update has been released. In addition, we recommend taking other measures that limit the impact of a missing fix.

Highlights

In June, SAP released an update for a Security Note in April 2018. The Note has a CVSS Score of 10 and should be implemented immediately if you use the SAP Business Client in version 6.5.

Also noteworthy is that the SAProuter possibly has an improper Access Control. As described in Note 3158375, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform, from a remote client, for example, stopping the SAProuter, which could highly impact systems availability, depending on the configuration of the route permission table in file “saprouttab”. For security reasons, SAP generally recommends avoiding wildcards (*) for the target host and the target port in “P” and “S” entries in the route permission table.

Use SecurityBridge Patch Management to never miss an important patch, applicable for your SAP products.

Request a Demo

Summary by Severity

The June release contains a total of 12 patches for the following severities:

SeverityNumber
Hot News
1
High
2
Medium
7
Low
2
NoteDescriptionSeverityCVSS
2622660Security updates for the browser control Google Chromium delivered with SAP Business Client
Priority: HotNews
Released on: 10.04.2018
Components: BC-FES-BUS-DSK
Category: Program error		Hot News10,0
3206271[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Priority: Correction with medium priority
Released on: 14.06.2022
Components: CA-VE-VEV
Category: Program error		Medium6,5
3158815[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation
Priority: Correction with medium priority
Released on: 14.06.2022
Components: EPM-BFC-PRO
Category: Program error		Medium5,0
3158619[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CST-STS
Category: Program error		Medium4,9
3158375[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform
Priority: Correction with high priority
Released on: 14.06.2022
Components: BC-CST-NI
Category: Program error		High8,6
3155571[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)
Priority: Correction with low priority
Released on: 14.06.2022
Components: BC-DB-SYB
Category: Program error		Low3,2
3202846[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)
Priority: Correction with low priority
Released on: 14.06.2022
Components: BC-DWB-JAV-COR
Category: Program error		Low3,4
3197927[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CTS-DTR
Category: Program error		Medium6,1
3197005[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7
Priority: Correction with high priority
Released on: 14.06.2022
Components: BC-SYB-PD
Category: Program error		High7,8
3194674[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent
Priority: Correction with medium priority
Released on: 14.06.2022
Components: BC-CST-STS
Category: Program error		Medium5,0
3165801[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Priority: Correction with medium priority
Released on: 10.05.2022
Components: BC-ABA-LI
Category: Program error		Medium6,5
3203065[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.
Priority: Correction with medium priority
Released on: 14.06.2022
Components: FI-LOC-FI-IL-AP
Category: Program error		Medium5,0

Posted by

Till Pleyer
Find recent Security Advisories for SAP©
View Advisory for May'22
White Paper - Bridging the Gap How SecurityBridge Supports NIST CSF in SAP Environments
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
Security Automation Webinar

Security Automation: The Need for a Last Line of Defense

Join our upcoming webinar session on Security Automation with special guests from SecurityBridge and discover how you can automate your SAP security and compliance processes to improve your security posture and implement a last line of defence for your mission-critical SAP landscape.
Learn more
Senior SAP Developer Singapore

Senior SAP Developer (ABAP/4 and SAPUI5 Fiori) – Singapore

Careers
As a Senior SAP Developer, you will be responsible for designing, developing, and maintaining SAP solutions while leading and guiding a team of developers. You will play a crucial role in the development of standard products, and your technical expertise and communication skills will be instrumental in ensuring the success of our projects. This role demands strong leadership, technical acumen, and the ability to collaborate effectively in an international development team.

Countering Data Breaches – An Urgent Call for Action

SAP Cybersecurity
Earlier this year, IBM presented its 18th edition of ‘The Cost of a Data Breach Report’ (you can find it here). This publication provides detailed and valuable insights into various factors related to data breaches. It is based on research carried out at 553 impacted organizations - any IT security professional should check it out. In this article, we will highlight some of this report’s findings and bring them into the context of SAP security.
We're hiring a financial controller/analyst

Financial Controller

Careers
As a Controller/Financial Analyst at SecurityBridge, you will play a crucial role in managing and optimizing financial processes, ensuring accurate reporting, and providing strategic financial insights. This is an exciting opportunity for a detail-oriented professional to contribute to the financial success of the fastest-growing cybersecurity provider for SAP systems.