IT Security News

Below we have summarized the topics of the second quarter of 2022 for you.

SECURITY GAPS

| Category | Security gap | Solution / Workaround | To be noted | CVSS |
|---|---|---|---|---|
| SAP | Security updates for Google Chromium browser control in SAP Business Client | Implementation of the patch. | SAP Note: 2622660. Attention: This SAP note is updated regularly. | 10 |
| SAP | Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | Kernel update (ABAP and Java) or implementation of the patch. | SAP Note: 3123396. Attention: SAP regression note: 1802333. FAQ note: 3148968 | 10 |
| SAP | Central Security Note for Remote Code Execution vulnerability associated with Spring Framework | Implementation of the patch (HANA Cockpit update, if applicable). | SAP Note: 3170990. Attention: This is a key SAP note that provides further guidance on the Spring Framework. | 9.8 |
| SAP | Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services | Implementation of the patch. | SAP Note: 3189428. Attention: Upgrade SAP HANA XSA component to version 1.0.145 (released on 04/07/2022) or higher. | 9.8 |
| F5 | Critical vulnerabilities in BIG-IP products from F5 | Implementation of the patch. | | 9.8 |
| VMware | Combined exploitation of critical vulnerabilities may enable takeover of select VMware products | Implementation of the patch. | | 9.8 |
| Atlassian Confluence | Active exploitation of a zero-day vulnerability in Atlassian Confluence | Implementation of the patch. | | 9.8 |
| Spring4Shell | Vulnerability in Siemens access control systems | Implementation of the patch. | | 9.8 |
| Follina | Malicious code is infiltrated via Microsoft Office | Implementation of the patch. | | 7.8 |
| Linux | Linux kernel bug allows privilege escalation | Apply the workaround. | Heise: Warning | 7.8 |
| Java | Bug in Java makes digital signatures worthless | Implementation of the patch. | Heise: Warning | 7.5 |
| Lenovo | Lenovo system update could let malicious code onto computer | Implementation of the patch. | Heise: Warning | 7.3 |

SECURITY WARNINGS

| Category | Security warning | Solution / Workaround | To be noted | CVSS |
|---|---|---|---|---|
| BSI | Assessment of the current cyber security situation after the Russian attack on Ukraine | The BSI has identified an increased threat situation for Germany. The BSI therefore calls for IT security measures to be reviewed and adapted. | | |
| SAP | The support end date for Python 2 in HANA DB is 01 July 2022 | The use of Python 3 for the server component of SAP HANA 2.0 is recommended. | SAP Note: 3093542 | |

*Common Vulnerability Scoring System (CVSS): 0.0 – 10.0 (no rating – critical)

If you would like more detailed information on a specific topic, please feel free to contact our IT Security department at any time.