SAP Releases March 2022 Security Updates
Scheduled updates for SAP products
Summary
Scheduled updates for SAP products
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Other SAP Products:
- Fiori Launchpad
- Internet of Things Edge Platform
- SAP 3D Visual Enterprise Viewer
- SAP Adaptive Server Enterprise
- SAP Business Objects Web Intelligence (BI Launchpad)
- SAP Commerce
- SAP Content Server
- SAP Customer Checkout
- SAP Data Intelligence
- SAP Dynamic Authorization Management
- SAP ERP HCM (Portugal)
- SAP Financial Consolidation
- SAP Focused Run
- SAP Inventory Manager
- SAP NetWeaver and ABAP Platform
- SAP NetWeaver Application Server for ABAP
- SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)
- SAP NetWeaver Application Server Java
- SAP NetWeaver AS JAVA (Portal Basis)
- SAP NetWeaver Enterprise Portal
- SAP NetWeaver AS ABAP (Workplace Server)
- SAP Web Dispatcher
- SAP Work Manager
- SAPCAR
- SAP-JEE
- SAP-JEECOR
- SAPS/4HANA
- SERVERCORE
- Simple Diagnostics Agent
Threat details
Introduction
SAP has released security updates to address 29 vulnerabilities, including Log4Shell vulnerabilities, affecting multiple SAP products. An attacker could exploit these vulnerabilities to take control of an affected system.
Updates for Log4Shell vulnerabilities
The March Security Patch Day has several notes concerning Log4Shell vulnerabilities. You may find out more about SAP's response to Log4Shell vulnerabilities by reviewing SAP's Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component. Note: SAP credentials are required to view the Security Note.
NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected SAP products.
Remediation advice
Affected organisations are encouraged to review the SAP Security Notes for March 2022 and apply the necessary updates.
Definitive source of threat updates
Last edited: 9 March 2022 3:52 pm