SAP Security Patch Day – January 2022

This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape.

On 11th of January 2022, SAP Security Patch Day saw the release of 11 new Patch Day Security Notes. 16 security notes were released out-of-band. Further, there were 3 updates to Patch Day Security Notes released previously.

Note: 3131047 consolidates all Security Notes addressing recent vulnerabilities related to the Apache Log4j 2 component. This Security Note is a living document that will be updated when a new Security Note is released, so please refer to the central Security Note for up-to-date information about all released Apache Log4j 2 related Security Notes.

List of security notes released on January Patch Day:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component<br>Consolidated Security Note list (Product: Security Note #)<br>SAP Customer Checkout: 3133772<br>SAP BTP Cloud Foundry: 3130578<br>SAP Landscape Management: 3132198<br>SAP Connected Health Platform 2.0 - Fhirserver: 3131824<br>SAP HANA XS Advanced Cockpit: 3134531 (includes fix provided in 3131397, 3132822)<br>SAP NetWeaver Process Integration (Java Web Service Adapter): 3135581 (includes fix provided in 3132204, 3130521, 3133005)<br>SAP HANA XS Advanced: 3131258<br>Internet of Things Edge Platform: 3132922<br>SAP BTP Kyma: 3132744<br>SAP Enable Now Manager: 3132964<br>SAP Cloud for Customer (add-in for Lotus notes client): 3132074<br>SAP Localization Hub, digital compliance service for India: 3132177<br>SAP Edge Services On Premise Edition: 3132909<br>SAP Edge Services Cloud Edition: 3132515<br>SAP BTP API Management (Tenant Cloning Tool): 3132162<br>SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0): 3131691<br>SAP Digital Manufacturing Cloud for Edge Computing: 3136094<br>SAP Enterprise Continuous Testing by Tricentis: 3134139<br>SAP Cloud-to-Cloud Interoperability: 3132058<br>Reference Template for enabling ingestion and persistence of time series data in Azure: 3136988<br>SAP Business One: 3131740 | Hot News | 10 |
| 3112928 | [CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA<br>Additional CVE - CVE-2022-22530<br>Product - SAP S/4HANA, Versions - 100, 101, 102, 103, 104, 105, 106 | High | 8.7 |
| 3123196 | Update to Security Note released on December 2021 Patch Day:<br>[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP<br>Product - SAP NetWeaver AS ABAP, Versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | High | 8.4 |
| 3101299 | [CVE-2021-42066] Information Disclosure vulnerability in SAP Business One<br>Product - SAP Business One, Version - 10 | Medium | 6.6 |
| 3106528 | [CVE-2021-44234] Information Disclosure vulnerability in SAP Business One<br>Product - SAP Business One, Version - 10 | Medium | 6.5 |
| 3124597 | [CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection<br>Product - SAP Enterprise Threat Detection, Version - 2.0 | Medium | 6.1 |
| 3112710 | [CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform<br>Product - SAP NetWeaver AS for ABAP and ABAP Platform, Versions - 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786 | Medium | 4.3 |
| 3121165 | Update to Security Note released on December 2021 Patch Day:<br>[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer<br>CVEs - CVE-2021-42068, CVE-2021-42070, CVE-2021-42069<br>Product - SAP 3D Visual Enterprise Viewer, Version - 9 | Medium | 4.3 |
| 3080816 | Update to Security Note released on December 2021 Patch Day:<br>[CVE-2021-44233] Missing Authorization check in GRC Access Control<br>Product - SAP GRC Access Control, Versions - V1100_700, V1100_731, V1200_750 | Low | 2.4 |


* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in SAP Support Portal

** Any Patch Day Security Note released after the second Tuesday will be accounted for in the following SAP Security Patch Day.


Customers who would like to take a look at all Security Notes published or updated after December 14, 2021, can go to Launchpad Expert Search → Filter 'SAP Security Notes' released between 'December 15, 2021 - January 11, 2022' → Go.

To know more about the security researchers and research companies who have contributed to this month's security patches, visit the SAP Product Security Response Acknowledgement Page.

Do write to us at secure@sap.com with all your comments and feedback on this blog post.

SAP Product Security Response Team
