Below we have summarized the topics of the first quarter in 2022 for you.

| Category | Security gap | Solution/Workaround | To be noted | CVSS* |
|---|---|---|---|---|
| SAP | Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | Implementation of the patch (if necessary, HANA Cockpit update) or use of the workaround/configuration change. | SAP Note: 3131047. Attention: This SAP note is updated regularly. BSI: Security alert; BSI: Working paper; Producer Info: List; SAP: Info | 10 |
| SAP | Remote Code Execution Vulnerability Associated with Apache Log4j 2 Component in SAP Commerce | Implementation of the patch or use of the workaround. | SAP Note: 3142773. Attention: Custom or third-party SAP Commerce extensions may include additional copies of log4j libraries. | 10 |
| SAP | Security updates for Google Chromium browser control in SAP Business Client | Implementation of the patch. | SAP Note: 2622660. Attention: This SAP note is updated almost monthly. | 10 |
| Linux | A vulnerability in Samba allows code to be executed with root privileges | Implementation of the patch. | | 9.9 |
| XML | Critical vulnerability in XML parser library Expat | Implementation of the patch. | Heise: Warning | 9.8 |
| Backup | Security vulnerabilities in the backup software Veeam Backup & Replication | Implementation of the patch. | Heise: Warning | 9.8 |
| SAP | Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools | Implementation of the patch and installation of the correction instruction, or use of the workaround. | SAP Note: 3140940 | 9.1 |
| Printer | Critical vulnerability in more than 200 HP printer models | Importing firmware updates. | Heise: Warning | 8.4 |
| Linux | A vulnerability in PolicyKit allows unauthorized local users root access | Implementation of the patch. | | 7.8 |

| Category | Security warning | Solution / Workaround | To be noted | CVSS |
|---|---|---|---|---|
| Kaspersky | Warning against anti-virus software from Kaspersky | Antivirus software from Kaspersky should be replaced with alternative products. | BSI: Security message | – |
| VirusTotal | Data leakage in case of VirusTotal file scans | If VirusTotal is used, its use should be reviewed with respect to information security objectives (confidentiality, integrity, and availability). | BSI: Security message | – |
| SAP | The support end date for SAP Business Client version 7.0 is April 12, 2022. | An update to version 7.70 is recommended. | SAP Note: 2302074 | – |

*Common Vulnerability Scoring System (CVSS): 0.0 – 10.0 (no rating – critical)
If you would like more detailed information on a specific topic, please feel free to contact our IT Security department at any time.
FIS-ASP Application Service Providing und IT-Outsourcing GmbH
Röthleiner Weg 4
D-97506 Grafenrheinfeld
Tel.: +49 97 23 / 91 88-500
Fax: +49 97 23 / 91 88-600
info@fis-asp.de