• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

SAP Patches Critical NetWeaver and ABAP Platform Vulnerabilities

You are here: Home / General Cyber Security News / SAP Patches Critical NetWeaver and ABAP Platform Vulnerabilities
June 15, 2022

Enterprise computer software and options provider SAP released numerous new security notes on its June 2022 security patch day.

In unique, the document outlined ten new notes and two updated ones. 

First of all, SAP delivered an update to its security be aware produced on April 2018 Patch Working day, referring to security updates for the browser management Google Chromium delivered to the company’s company shoppers.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Particulars of this take note are not publicly available, but SAP gave it the optimum probable severity score of 10 according to the Prevalent Vulnerability Scoring Program (CVSS).

The 2nd-most significant of the vulnerabilities pointed out in SAP’s June notes refers to the widespread vulnerabilities and publicity (CVE)-2022-27668.

The flaw is an inappropriate entry regulate linked to the SAProuter proxy in NetWeaver and ABAP Platform and has a CVSS score of 8.6.

In accordance to SAP, Based on the configuration of the route authorization desk in a specific file, it is achievable for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform from a distant shopper.

The third vulnerability (in get of severity) mentioned in the SAP notes, with a 7.8 CVSS score, refers to prospective privilege escalation in SAP PowerDesigner Proxy 16.7.

“[This vulnerability] makes it possible for an attacker with low privileges and has regional obtain, with the capability to get the job done close to system’s root disk access limitations to Produce/Build a program file on procedure disk root route,” reads 1 of the notes.

The method file can then be executed with elevated privileges throughout software startup or reboot, possibly compromising confidentiality, integrity and availability of the procedure.

The 9 remaining new and current security notes introduced this 7 days are medium or lower priority.

SAP confirmed most of the vulnerabilities talked about in its June 2022 Security Patch Day advisory have now available fixes, and advised organizations to update their devices as soon as achievable.


Some parts of this report are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • SAP Patches Critical NetWeaver and ABAP Platform Vulnerabilities
  • US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs
  • Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
  • Cloudflare mitigates biggest ever HTTPS DDos attack
  • TSA greenlights trials for Pangiam’s AI-based baggage screening solution in Arlington
  • Microsoft silent patches called “a grossly irresponsible policy”
  • Mozilla adds ‘Total Cookie Protection” to its browser
  • BNPL Fraud Alert as Account Takeovers Surge
  • Microsoft bolsters threat intelligence capabilities with Miburo acquisition
  • New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

Copyright © TheCyberSecurity.News, All Rights Reserved.