Skip to main content

SAP Releases May 2022 Security Updates

Scheduled updates for SAP products

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Scheduled updates for SAP products


The following platforms are also known to be affected:

  • SAP Commerce
  • SAP Customer Profitability Analytics
  • SAP Employee Self Service
  • SAP Host Agent
  • SAP Webdispatcher

Threat details

Introduction

SAP has released security updates to address eleven vulnerabilities, which are covered in eight new security notes and four updates to previous notes. One of the vulnerabilities is CVE-2022-22965, the critical Spring Framework vulnerability that affects multiple SAP products. An unauthenticated remote attacker could exploit some of these vulnerabilities to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the SAP Security Notes for May 2022 and apply the necessary updates.



CVE Vulnerabilities

Last edited: 17 May 2022 11:17 am