As part of its June 2022 Security Patch Day, SAP released ten new and two revised security notes on Tuesday. The most important of these notes is an update to an April 2018 note providing the upgrades supplied for the Chrome-based browser in SAP Business Client, which is rated “Hot News” — the highest severity rating in SAP’s book.
The most serious of the recently revealed notes, CVE-2022-27668 (CVSS score of 8.6), pertains with an inappropriate access control connected to the SAProuter proxy in NetWeaver and ABAP Platform, and is considered “high priority.”
SAP has also corrected an incorrect access control weakness in NetWeaver AS Java, according to Onapsis, which is another high-severity flaw (CVSS score of 8.2) that can lead to system compromise. The security notes for this flaw, along with four others, was released on the second Tuesday of last month.
Read More: https://www.securityweek.com/sap-patches-high-severity-netweaver-vulnerabilities