SAP’s December 2022 Security Updates Patch Critical Vulnerabilities

By Orbit Brain, December 15, 2022

By Ionut Arghire on December 14, 2022

German software maker SAP this week announced the release of 14 new and five updated security notes as part of its December 2022 Security Patch Day, including four notes that address critical vulnerabilities in Business Client, BusinessObjects, NetWeaver, and Commerce.

With a CVSS score of 10, the most severe of SAP’s security notes updates a note released on April 2018 Patch Day, which deals with software updates for the Chrome-based browser in SAP Business Client.

Over the past month, Google has announced several Chrome updates, including two emergency patches that address zero-day vulnerabilities in versions 107 and 108 of the browser, and SAP is trying to keep up: the security note addresses 34 vulnerabilities, including 24 high-severity issues.

The second security note that SAP marked as hot news (the highest severity rating in the company’s books) resolves a server-side request forgery (SSRF) in the BusinessObjects platform.

Tracked as CVE-2022-41267 (CVSS score of 9.9), the issue allows an attacker with ‘normal BI user privileges’ to replace any file in the BusinessObjects server, at the operating system level, enterprise application security firm Onapsis explains.

“This enables the attacker to take full control of the system and has a significant impact on confidentiality, integrity, and availability of the application,” Onapsis notes.

The third hot news security note in SAP’s December 2022 Security Patch Day resolves a critical improper access control flaw in NetWeaver’s user defined search (CVE-2022-41272, CVSS score of 9.9) that could allow attackers to perform unauthorized operations.

The last hot news note that SAP released this month deals with a remote command execution bug associated with Apache Commons Text in SAP Commerce (CVE-2022-42889, CVSS score of 9.8).

Also called Text4Shell, the vulnerability was disclosed in October 2022 and has been compared to the infamous Log4Shell vulnerability, although it’s not as widespread.

This month, SAP also announced the release of five high-priority security notes that resolve vulnerabilities in BASIS, Business Planning and Consolidation, BusinessObjects, Commerce, and SAPUI5. Two of these are updates to notes released in October and November 2022.

The remaining security notes that SAP announced on December 2022 Security Patch Day deal with medium-severity vulnerabilities in Disclosure Management, NetWeaver, Solution Manager, BusinessObjects, Sourcing, and Contract Lifecycle Management.