CSIRT de Gobierno shares information on new vulnerabilities disclosed by SAP
Summary
The Computer Security Incident Response Team, CSIRT de Gobierno, shares information on new vulnerabilities disclosed by SAP.
Vulnerabilities
CVE-2022-35228
CVE-2022-32249
CVE-2022-28771
CVE-2022-31593
CVE-2022-29619
CVE-2022-22542
CVE-2022-29611
CVE-2022-35172
CVE-2022-35170
CVE-2022-35225
CVE-2022-32247
CVE-2022-35224
CVE-2022-35227
CVE-2022-35169
CVE-2022-31591
CVE-2022-32246
CVE-2022-31598
CVE-2022-31597
CVE-2022-35168
CVE-2022-32248
CVE-2022-31592
CVE-2022-35171
CVE-2022-31594
Impact
High-risk vulnerabilities
CVE-2022-35228: Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console).
CVE-2022-32249
CVE-2022-28771
CVE-2022-31593
Affected products
SAP BusinessObjects Business Intelligence Platform (Central management console), versions 420 to 430.
SAP Business One, version 10.0.
SAP Business One License service API, version 10.0.
SAP Business One, version 10.0.
SAP BusinessObjects Business Intelligence Platform 4.x, versions 420 to 430.
SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), versions 104 to 106.
SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700 to 788.
SAP NetWeaver Enterprise Portal, versions 7.10 to 7.50.
SAP BusinessObjects Business Intelligence Platform (LCM), versions 420 to 430.
SAP BusinessObjects BW Publisher Service, versions 420, 430.
SAP BusinessObjects Business Intelligence Platform (Visual Difference Application), versions 420 to 430.
SAP Business Objects, version 420.
SAP S/4HANA, versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127.
SAP Business One, version 10.0.
SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS), versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806.
SAP 3D Visual Enterprise Viewer, version 9.0.
SAP Adaptive Server Enterprise (ASE), versions KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53.
Mitigation
Install the corresponding updates provided by the vendor.
Links
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31594
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00676-01.