SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5

By Orbit Brain, November 9, 2022, Cyber Security News

By Ionut Arghire on November 09, 2022

German software maker SAP announced the release of nine new security notes on its November 2022 Security Patch Day, including two notes addressing critical bugs in BusinessObjects and SAPUI5.

There were also updates to two previously released notes. Three other security notes were released between the second Tuesday of October and the second Tuesday of November.

Three of this month’s security notes are marked ‘hot news’, which represents the highest severity rating in SAP’s books.

The first of them deals with CVE-2022-41203, a critical-severity insecure deserialization of untrusted data in the BusinessObjects Business Intelligence platform (CVSS score of 9.9).

Because of this issue, an unauthenticated attacker with low privileges could replace a serialized object in BusinessObjects parameters with a malicious one.

“Because the deserialization process didn’t include any verification of the processed data, this could highly compromise the confidentiality, integrity, and availability of the system. The only reason why this vulnerability is not tagged with the maximum CVSS score of 10 is because it requires the attacker to have a minimal set of privileges in order to exploit it,” enterprise software security firm Onapsis explains.

The second hot news security note released on SAP’s November 2022 Security Patch Day addresses two flaws in the SQLite library included in the SAPUI5 framework.

The first of the bugs, CVE-2021-20223 (CVSS score 9.8), exists because SQLite would treat null characters as tokens. A remote attacker with minimal privileges could exploit this to target applications using SAPUI5.

Tracked as CVE-2022-35737 (CVSS score of 7.5), the second issue “allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.”

SAP also updated a hot news security note released in October, addressing an account hijacking issue in Commerce (CVSS score of 9.6).

Between the second Tuesday of October and the second Tuesday of November, SAP also updated a hot news note that provides the latest updates for the Chromium-based browser in Business Client, delivering a total of 75 patches, including two for critical-severity vulnerabilities.

This week, SAP also announced three ‘high priority’ security notes, including two new notes dealing with vulnerabilities in NetWeaver and 3D Visual Enterprise, and an update to a July 2022 security note addressing a privilege escalation bug in SuccessFactors attachment API for Android and iOS.