SAP fixed 10 vulnerabilities in NetWeaver


SAP drew particular attention to the update for the vulnerability from April 2018, which contained updates for Chrome in SAP Business Client. The second most serious issue was CVE-2022-27668, with a CVSS score of 8.6. It stems from improper access control in the SAProuter proxy in NetWeaver and ABAP Platform.

“A certain configuration of the allowed routes table allows an unauthorized attacker to bypass protection and execute administration commands on systems connected to SAProuter,” explains Onapsis, a company specializing in business application security. Experts recommend that customers apply the available fixes as soon as possible.

Onapsis also noted that SAP has fixed a dangerous vulnerability caused by improper access control in NetWeaver AS Java. The vulnerability has a CVSS score of 8.2 and allows attackers to easily compromise the victim’s system. The fix was released last month along with fixes for four other vulnerabilities.

An update was also released for CVE-2022-31590, rated 7.8 on the CVSS scale, which allows an attacker to escalate privileges in PowerDesigner Proxy 16.7.

All other vulnerabilities are classified as medium or minor.
