IT Security Newsletter Q3

IT Security News

Below we have summarized the topics of the second quarter in 2022 for you. 

SECURITY GAPS

Category

Security gap

Solution/ Workaround

To be noted

CVSS*

SAP

Security updates for the browser control Google Chromium delivered with SAP Business Client

Implementation of the patch

SAP Note: 2622660

10

SAP

Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse

Implementation of the patch or applying the workaround

SAP Note: 3102769

Attention: For the two possibilities regarding the workaround, please note the following:

SAP Note 3221696: Deactivation of the SAP ICS component

8.8

SAP

Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Implementation of the patch

SAP Note: 3226411 

8.3

SAP

Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Implementation of the patch

SAP Note: 3210823

8.2

SAP

Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application

Implementation of the patch and entitlement adjustment

SAP Note: 3226411 

8.1

SAP

Windows Unquoted Service Path issue in SAP Business One

Updating the SAP Business One component

SAP Note: 3223392

7.8

SAP

Central Management Server Information Disclosure in Business Intelligence Update

Updating the SBOP BI Platform Versionn

SAP Note:2998510

7.8

SAP

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Updating the SBOP BI Platform Version

SAP Note: 3217303

7.7

SAP

Missing Authentication check in SAP Business One (License serviceAPI)

Implementation of the patch

SAP Note: 3157613

Attention:
It is recommended to upgrade to version 10.0.
For the workaround see SAP Not: 3189816

7.5

SAP

Code Injection vulnerability in SAP Business One

Implementation of the patch and manual adjustments

SAP Note: 3191012

Attention: The block list of files should be maintained in the Business One Manager under the general settings in order to upgrade to version 10.0.

7.4

SAP

Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Importing the correction instructions

SAP Note: 3237075

7.1

SAFETY WARNINGS

Category

Security gap

Solution/ Workaround

To be noted

CVSS

Samba

Attackers could change admin passwords

Implementation of the patch

Heise: Security message

Python

15-year-old vulnerability allows attackers to overwrite important system files

Distributions have not been able to offer a fix accordingly so far. Future update could fix this bug

Heise: Security message

*Common Vulnerability Scoring System (CVSS) 
0,0 – 10,0 (keine Bewertung – kritisch)

If you would like more detailed information on a specific topic, please feel free to contact our IT Security department at any time.

it-security@fis-asp.de