Software giant SAP has released its June 2022 Security Patch Day updates, consisting of 10 separate security advisories and patches, including fixes for two new High Priority vulnerabilities.
An attacker could exploit some of these vulnerabilities to take control of unpatched systems.
The SAP updates include two new ‘High Priority’ SAP vulnerabilities:
- CVE-2022-27668: Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform (CVSS 8.6).
- CVE-2022-31590: Potential privilege escalation in SAP PowerDesigner Proxy 16.7 (CVSS 7.8).
SAP also released a ‘Very High Priority’ update to a Security Note, first released on the April 2018 Patch Day, for the Google Chromium browser control delivered with SAP Business Client.
In addition, seven Medium and two Low severity updates fixed multiple SAP product vulnerabilities.
One of the Medium Priority issues is an update to a Security Note released on the May 2022 Patch Day for a missing authorization check vulnerability (CVE-2022-29611) in SAP NetWeaver Application Server for ABAP and ABAP Platform.