9VSA22-00676-01 CSIRT comparte vulnerabilidades que afectan a productos SAP

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática, CSIRT de Gobierno, comparte información sobre nuevas vulnerabilidades dadas a conocer por SAP.

Vulnerabilidades

 

CVE-2022-35228

CVE-2022-32249

CVE-2022-28771

CVE-2022-31593

CVE-2022-29619

CVE-2022-22542

CVE-2022-29611

CVE-2022-35172

CVE-2022-35170

CVE-2022-35225

CVE-2022-32247

CVE-2022-35224

CVE-2022-35227

CVE-2022-35169

CVE-2022-31591

CVE-2022-32246

CVE-2022-31598

CVE-2022-31597

CVE-2022-35168

CVE-2022-32248

CVE-2022-31592

CVE-2022-35171

CVE-2022-31594

Impacto

Vulnerabilidades de riesgo alto

CVE-2022-35228: Vulnerabilidad de filtración de información en SAP BusinessObjects Business Intelligence Platform (Central management console).

CVE-2022-32249

CVE-2022-28771

CVE-2022-31593

 

Productos afectados

SAP BusinessObjects Business Intelligence Platform (Central management console), versiones 420 a 430.

SAP Business One, Version -10.0.

SAP Business One License serviceAPI, Version -10.0.

SAP Business One, Version -10.0.

SAP BusinessObjects Business Intelligence Platform 4.x, versiones 420 a 430.

SAPS/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), versiones 104 a 106.

SAP NetWeaver Application Server for ABAP and ABAP Platform, versiones 700 a 788.

SAP NetWeaver Enterprise Portal, Versions -7.10 a 7.50.

SAP BusinessObjects Business Intelligence Platform (LCM), versiones -420 a 430.

SAP BusinessObjects BW Publisher Service, versiones -420, 430.

SAP BusinessObjects Business Intelligence Platform (Visual Difference Application), versiones 420 a 430.

SAP Business Objects,Version -420

SAPS/4HANA, Versions -S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127

SAP Business one, Version -10.0

SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS),Versions -605, 606, 616,617,618, 802, 803, 804, 805, 806

SAP3D Visual Enterprise Viewer, Version -9.0

SAP Adaptive Server Enterprise (ASE),Versions -KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53

 

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

 

Enlaces

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35228

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32249

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28771

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31593

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29619

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22542

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29611

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35172

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35170

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35225

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32247

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35224

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35227

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35169

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31591

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32246

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31598

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31597

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35168

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32248

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31592

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35171

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31594

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA22-00676-01.

9VSA22-00676-01 CSIRT comparte vulnerabilidades que afectan a productos SAP