Search
Facebook Instagram Linkedin Xing
Search

IT Security Newsletter Q3

IT Security News

Below we have summarized the topics of the second quarter in 2022 for you. 

SECURITY GAPS

Category

Security gap

Solution/ Workaround

To be noted

CVSS*

SAP

Security updates for the browser control Google Chromium delivered with SAP Business Client

Implementation of the patch

SAP Note: 2622660

10

SAP

Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse

Implementation of the patch or applying the workaround

SAP Note: 3102769

Attention: For the two possibilities regarding the workaround, please note the following:

SAP Note 3221696: Deactivation of the SAP ICS component

8.8

SAP

Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Implementation of the patch

SAP Note: 3226411 

8.3

SAP

Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Implementation of the patch

SAP Note: 3210823

8.2

SAP

Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application

Implementation of the patch and entitlement adjustment

SAP Note: 3226411 

8.1

SAP

Windows Unquoted Service Path issue in SAP Business One

Updating the SAP Business One component

SAP Note: 3223392

7.8

SAP

Central Management Server Information Disclosure in Business Intelligence Update

Updating the SBOP BI Platform Versionn

SAP Note:2998510

7.8

SAP

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Updating the SBOP BI Platform Version

SAP Note: 3217303

7.7

SAP

Missing Authentication check in SAP Business One (License serviceAPI)

Implementation of the patch

SAP Note: 3157613

Attention:
It is recommended to upgrade to version 10.0.
For the workaround see SAP Not: 3189816

7.5

SAP

Code Injection vulnerability in SAP Business One

Implementation of the patch and manual adjustments

SAP Note: 3191012

Attention: The block list of files should be maintained in the Business One Manager under the general settings in order to upgrade to version 10.0.

7.4

SAP

Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Importing the correction instructions

SAP Note: 3237075

7.1

SAFETY WARNINGS

Category

Security gap

Solution/ Workaround

To be noted

CVSS

Samba

Attackers could change admin passwords

Implementation of the patch

Heise: Security message

Python

15-year-old vulnerability allows attackers to overwrite important system files

Distributions have not been able to offer a fix accordingly so far. Future update could fix this bug

Heise: Security message

*Common Vulnerability Scoring System (CVSS) 
0,0 – 10,0 (keine Bewertung – kritisch)

If you would like more detailed information on a specific topic, please feel free to contact our IT Security department at any time.

it-security@fis-asp.de

Über uns

Die FIS-ASP der zuverlässige IT-Dienstleister mit tiefgreifendem Know-how über Cloud Computing, Managed Services und Application Delivery.

Kontakt

FIS-ASP Application Service Providing und IT-Outsourcing GmbH
Röthleiner Weg 4
D-97506 Grafenrheinfeld
Tel.: +49 97 23 / 91 88-500
Fax: +49 97 23 / 91 88-600

Quickmenü

Aktuelles

IT-SECURITY NEWSLETTER

(1) Erläuterung zu Informationen auf Basis persönlicher Interessen
(2) Datenschutzerklärung

© 2025 FIS-ASP - IT-Dienstleister, SAP-HANA, IT-Outsourcing, SAP Cloud Hosting. All rights reserved.

Facebook Instagram Linkedin Xing

contact

FIS-ASP Application Service Providing und IT-Outsourcing GmbH
Röthleiner Weg 4
D-97506 Grafenrheinfeld

Phone.: +49 97 23 / 91 88-500
Fax: +49 97 23 / 91 88-600

info@fis-asp.de

aktuelle beiträge

AI Act
27. March 2025

Artificial Intelligence Act (AI Act) The AI Act presents companies that use or develop AI

Weiterlesen »
NIS-2
25. March 2025

More security for the digital infrastructure in Europe through NIS-2 As IT security is increasingly

Weiterlesen »

Would you like to know
more about us?

The following link takes you to our download area. Here you can find information about the company, white papers and use cases.

Download Area

IT-SECURITY NEWSLETTER

We inform you about current changes in the area of IT security. Sign up and don’t miss any more information in the future.