SAP Patches High-Severity NetWeaver Vulnerabilities

As part of its June 2022 Security Patch Day, SAP released ten new and two revised security notes on Tuesday.�The most important of these notes is an update to an April 2018 note providing the upgrades supplied for the Chrome-based browser in SAP Business Client, which is rated “Hot News” � the highest severity rating in SAP’s book.

The most serious of the recently revealed notes, CVE-2022-27668, pertains with an inappropriate access control connected to the SAProuter proxy in NetWeaver and ABAP Platform, and is considered a high priority. According to business application security firm Onapsis, a liberal design of the route permission table may allow an unauthenticated attacker to overcome the protection and execute administration commands on the systems linked to the SAPRouter, endangering the systems’ availability. Read More…