IT Security News

Below we have summarized the topics of the first quarter of 2022 for you.

Security gaps

| Category | Security gap | Solution / Workaround | To be noted | CVSS* |
|---|---|---|---|---|
| SAP | Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Implementation of the patch (if necessary, HANA Cockpit update) or use of the workaround / configuration change. | SAP Note: 3131047. Attention: This SAP note is updated regularly. BSI: Security alert; BSI: Working paper; Producer Info: List; SAP: Info | 10 |
| SAP | Remote Code Execution Vulnerability Associated with Apache Log4j 2 Component in SAP Commerce | Implementation of the patch or use of the workaround. | SAP Note: 3142773. Attention: Custom or third-party SAP Commerce extensions may include additional copies of log4j libraries. | 10 |
| SAP | Security updates for Google Chromium browser control in SAP Business Client | Implementation of the patch. | SAP Note: 2622660. Attention: This SAP note is updated almost monthly. | 10 |
| SAP | Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | Kernel update (ABAP and Java) or implementation of the patch. | SAP Note: 3123396. Attention: SAP regression note: 1802333; FAQ Note 3148968 | 10 |
| Linux | A vulnerability in Samba allows code to be executed with root privileges | Implementation of the patch. | | 9.9 |
| XML | Critical vulnerability in XML parser library Expat | Implementation of the patch. | Heise: Warning | 9.8 |
| Backup | Security vulnerabilities in the backup software Veeam Backup & Replication | Implementation of the patch. | Heise: Warning | 9.8 |
| Firewall | Critical vulnerability in Sophos Firewall | Implementation of the patch. | Heise: Warning | 9.8 |
| SAP | Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools | Implementation of the patch and correction instruction installation, or use of the workaround. | SAP Note: 3140940 | 9.1 |
| Printer | Critical vulnerability in more than 200 HP printer models | Importing firmware updates. | Heise: Warning | 8.4 |
| Linux | A vulnerability in PolicyKit allows unauthorized local users root access | Implementation of the patch. | | 7.8 |

Security warnings

| Category | Security warning | Solution / Workaround | To be noted | CVSS |
|---|---|---|---|---|
| Kaspersky | Warning against anti-virus software from Kaspersky | Antivirus software Kaspersky should be replaced with alternative products. | | |
| VirusTotal | Data leakage in case of VirusTotal file scans | If VirusTotal is used, its use should be reviewed with respect to information security objectives (confidentiality, integrity, and availability). | | |
| SAP | The support end date for SAP Business Client version 7.0 is April 12, 2022. | An update to version 7.70 is recommended. | SAP Note: 2302074 | |

*Common Vulnerability Scoring System (CVSS): 0.0 – 10.0 (no rating – critical)

If you would like more detailed information on a specific topic, please feel free to contact our IT Security department at any time.

Contact

FIS-ASP Application Service Providing und IT-Outsourcing GmbH
Röthleiner Weg 4
D-97506 Grafenrheinfeld

Phone: +49 97 23 / 91 88-500
Fax: +49 97 23 / 91 88-600

info@fis-asp.de
