Software giant SAP has released the July 2022 Security Patch Day that consists of 20 separate security advisories and patches, to include fixes for four new High Priority vulnerabilities.
An attacker could exploit some of these vulnerabilities to take control of unpatched systems.
The SAP updates include four new ‘High Priority’ SAP vulnerabilities:
- CVE-2022-35228: Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console); (CVSS 8.3)
- CVE-2022-32249: Information Disclosure vulnerability in SAP Business One (CVSS 7.6)
- CVE-2022-28771: Missing Authentication check in SAP Business One (License serviceAPI); (CVSS 7.5)
- CVE-2022-31593: Code Injection vulnerability in SAP Business One ((CVSS 7.4).
In addition, multiple other Medium and Low severity advisories also addressed SAP product vulnerabilities.