{"id":6349,"date":"2022-01-13T09:49:40","date_gmt":"2022-01-13T07:49:40","guid":{"rendered":"http:\/\/inprosec.com\/sap-security-notes-january-2022\/"},"modified":"2022-05-11T17:18:36","modified_gmt":"2022-05-11T15:18:36","slug":"sap-security-notes-january-2022","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/","title":{"rendered":"SAP Security Notes, January 2022"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<h2>January 2022 notes<\/h2>\n<h3>Summary and highlights of the month<\/h3>\n<p>The total number of notes\/patches has increased compared to last month. The appearance of the remote code execution vulnerability associated with Log4j has increased the number of notes published by SAP, where the number of Hot News has increased, being 4 the ones we found last month with respect to the 20 existing in January, all linked to the problem with Log4j. On the other hand, it is worth mentioning that the number of high criticality notes remains at 6, 4 of which are also related to Log4j. Due to the variety of components that are being affected by this problem, what SAP has done has been to include all the related notes (both the 20 Hot News, 4 high notes and the rest of the notes) within the central <strong>security note 3131047 with a CVSS of 10.<\/strong> Taking this into account, we will leave as usual the medium and low notes without reviewing in this month, but <strong>we will give detail of a total of 3<\/strong> notes (all those with a CVSS of <span style=\"color: #d1c704;\">7<\/span> or higher).<\/p>\n<p>We have <strong>a total of 35 notes<\/strong> for the whole month, 20 more than last December.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>We have 20 new Hot News this month<\/strong><\/span>, which stand out for their high relevance and high CVVS. All of these are found within the central security note discussed above. In addition, removing the 4 Log4j high notes that are also located in the central note, we will review in detail 2 of the total of 2 high notes (those of CVSS greater than or equal to 7) where this month we located 1 new and 1 update.<\/p>\n<ul>\n<li><strong>The most critical note of the month (with CVSS <span style=\"color: #ff0000;\">10<\/span>) and that is affecting several components is the Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component. This note, as already mentioned, includes 27 notes of different criticality that affect Log4j.<\/strong><\/li>\n<li>The following <strong>in criticality (CVSS <span style=\"color: #ff0000;\">8.7<\/span> and CVSS <span style=\"color: #ff0000;\">8.4<\/span>)<\/strong> are two high notes. On the one hand the new note Multiple vulnerabilities in F0743 Create Single Payment application of SAP S\/4HANA and on the other hand the update Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP.<\/li>\n<li>The rest (6) are medium and low level, and we will not see them in detail.<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\">In the graph we can see the <span style=\"text-decoration: underline;\"><strong>classification of the January notes <\/strong><\/span>as well as the evolution and classification of the last 5 previous months (only the releases of Sec. Tuesday \/ Patch Day &#8211; by SAP).<\/p>\n<h3><\/h3>\n<h3><a ref=\"magnificPopup\" href=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg\"><img decoding=\"async\" class=\"wp-image-3790 aligncenter\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg\" alt=\"\" width=\"887\" height=\"465\" \/><\/a><\/h3>\n<h3>Full details<\/h3>\n<p>The<span style=\"text-decoration: underline;\"><strong> full details of the most relevant notes<\/strong><\/span> are as follows:<\/p>\n<p style=\"padding-left: 40px;\"><strong><u>1. Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component (3131047):<\/u><\/strong>\u00a0This security note will be the central document to consolidate information on the Remote Code Execution vulnerability associated with Apache Log4j 2 component (CVE-2021-44228). Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Important: Please refer to the solution section for the list of notes with workaround released by SAP addressing this vulnerability. This security note will be a living document that will be updated regularly. CVSS v3 Base Score: 10 \/ 10 (CVE-2021-44228).<\/p>\n<p style=\"padding-left: 40px;\">This note includes the following main \u00abSAP Security Notes\u00bb:<\/p>\n<p>&nbsp;<\/p>\n<table class=\" aligncenter\" style=\"height: 1650px;\" width=\"850\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"61\"><span style=\"text-decoration: underline;\"><strong>Note<\/strong><\/span><\/td>\n<td width=\"137\">\n<p style=\"text-align: center;\"><span style=\"text-decoration: underline;\"><strong>Component<\/strong><\/span><\/p>\n<\/td>\n<td width=\"700\">\n<p style=\"text-align: center;\"><span style=\"text-decoration: underline;\"><strong>Description<\/strong><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3133772<\/strong><\/td>\n<td width=\"137\">IS-SE-CCO<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3130578<\/strong><\/td>\n<td width=\"137\">BC-CP-CF-RT<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132198<\/strong><\/td>\n<td width=\"137\">BC-VCM-LVM<\/td>\n<td width=\"700\">Code Injection vulnerability in SAP Landscape Management<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3131824<\/strong><\/td>\n<td width=\"137\">IS-PMED-HPH<\/td>\n<td width=\"700\">Log4j Vulnerability in Connected Health Platform 2.0 &#8211; Fhirserver<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3131258<\/strong><\/td>\n<td width=\"137\">BC-XS-RT<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132922<\/strong><\/td>\n<td width=\"137\">BC-NEO-SVC-IOT<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132744<\/strong><\/td>\n<td width=\"137\">BC-CP-XF-KYMA<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132964<\/strong><\/td>\n<td width=\"137\">KM-WPB-MGR<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132074<\/strong><\/td>\n<td width=\"137\">LOD-CRM-GW-LN<\/td>\n<td width=\"700\">Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132177<\/strong><\/td>\n<td width=\"137\">CA-GTF-CSC-EDO-IN-DC<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132909<\/strong><\/td>\n<td width=\"137\">IOT-EDG-OP<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132162<\/strong><\/td>\n<td width=\"137\">OPU-API-OD-DT<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"2\" width=\"61\"><strong>3134531<\/strong><\/td>\n<td rowspan=\"2\" width=\"137\">BC-XS-ADM<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit<\/td>\n<\/tr>\n<tr>\n<td width=\"700\"><em>(includes fix provided in\u00a03132822,\u00a03131397)<\/em><\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132515<\/strong><\/td>\n<td width=\"137\">IOT-EDG-OD<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3131691<\/strong><\/td>\n<td width=\"137\">XX-PART-ADB-IFM<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3134139<\/strong><\/td>\n<td width=\"137\">XX-PART-TRI-CLD-ECT<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3132058<\/strong><\/td>\n<td width=\"137\">IOT-BSV-HS-MS<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3136988<\/strong><\/td>\n<td width=\"137\">IOT-BSV-HS-MS<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3136094<\/strong><\/td>\n<td width=\"137\">MFG-DM-EDGE<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing<\/td>\n<\/tr>\n<tr>\n<td width=\"61\"><strong>3131740<\/strong><\/td>\n<td width=\"137\">SBO-CRO-SEC<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"2\" width=\"61\"><strong>3135581<\/strong><\/td>\n<td rowspan=\"2\" width=\"137\">BC-XI-CON-JWS<\/td>\n<td width=\"700\">Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration<\/td>\n<\/tr>\n<tr>\n<td width=\"700\"><em>(includes fix provided in\u00a03132204,\u00a03130521,\u00a03133005)<\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p style=\"padding-left: 40px;\"><strong><u>2. Multiple vulnerabilities in F0743 Create Single Payment application of SAP S\/4HANA (3112928):<\/u><\/strong>\u00a0It patches a Cross-Site Scripting and a Code Injection vulnerability in the Create Single Payment app of S\/4HANA (app ID F0743). This app is used by accounts payable accountants through SAP Fiori (SAPUI5). It allows them to make a direct payment to a supplier when no invoice exists as well as pay open supplier line items. The two vulnerabilities existed because uploaded and downloaded files were not checked by the app. The first vulnerability allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. The second one enables an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.<strong>\u00a0CVSS v3 Base Score: 9.8 \/ 10\u00a0<\/strong>(CVE-2022-22531).<\/p>\n<p style=\"padding-left: 40px;\"><u><strong>3.<\/strong> Update<\/u><strong><u>\u00a0\u2013 Code Injection vulnerability in utility class for SAP NetWeaver AS AB (3123196):<\/u><\/strong>\u00a0This note has been updated with some information about its validity. The original validity interval is only valid for SAP customers using the license-bound product Post-Copy Automation (PCA). For all other customers, the minimum patch level of the validity interval has been increased.\u00a0<strong>CVSS v3 Base Score: 8.3 \/ 10<\/strong>\u00a0(CVE-2021-44235).<\/p>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Reference links of the CERT of the INCIBE in relation to the publication of the notes for January:<\/p>\n<p><a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-enero-2022\" target=\"_blank\" rel=\"noopener\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-enero-2022<\/a><\/p>\n<p>Other references, from SAP and Onapsis (January):<\/p>\n<p><a href=\"https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=596902035\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=596902035<\/a><\/p>\n<p><a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-january-2022-log4j-causes-record-breaking-number-hotnews-notes\" target=\"_blank\" rel=\"noopener\">https:\/\/onapsis.com\/blog\/sap-security-patch-day-january-2022-log4j-causes-record-breaking-number-hotnews-notes<\/a><\/p>\n<h3 style=\"font-weight: 400;\"><strong><u>Resources affected<\/u><\/strong><\/h3>\n<ul>\n<li>Internet of Things Edge Platform;<\/li>\n<li>Reference Template for enabling ingestion y persistence of time series data in Azure;<\/li>\n<li>SAP BTP:\n<ul>\n<li>API Management (Tenant Cloning Tool);<\/li>\n<li>Cloud Foundry;<\/li>\n<li>Kyma;<\/li>\n<\/ul>\n<\/li>\n<li>SAP Business One, versi\u00f3n \u2013 10;<\/li>\n<li>SAP Business One;<\/li>\n<li>SAP Cloud for Customer (add-in para Lotus notes client);<\/li>\n<li>SAP Cloud-to-Cloud Interoperability;<\/li>\n<li>SAP Connected Health Platform 2.0 \u2013 Fhirserver;<\/li>\n<li>SAP Customer Checkout;<\/li>\n<li>SAP Digital Manufacturing Cloud para Edge Computing;<\/li>\n<li>SAP Edge Services Cloud Edition;<\/li>\n<li>SAP Edge Services en Premise Edition;<\/li>\n<li>SAP Enable Now Manager;<\/li>\n<li>SAP Enterprise Continuous Testing by Tricentis<\/li>\n<li>SAP Enterprise Threat Detection, versi\u00f3n \u2013 2.0;<\/li>\n<li>SAP GRC Access Control, versiones \u2013 V1100_700, V1100_731, V1200_750.<\/li>\n<li>SAP HANA XS Advanced Cockpit (includes correction provided in 3131397, 3132822);<\/li>\n<li>SAP HANA XS Advanced;<\/li>\n<li>SAP Landscape Management;<\/li>\n<li>SAP Localization Hub, servicio de conformidad digital para la India;<\/li>\n<li>SAP NetWeaver:\n<ul>\n<li>ABAP Server y ABAP Platform (Adobe LiveCycle Designer 11.0);<\/li>\n<li>AS for ABAP y ABAP Platform, versiones \u2013 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786;<\/li>\n<li>Process Integration (Java Web Service Adapter) (includes correction provided in 3132204, 3130521, 3133005);<\/li>\n<\/ul>\n<\/li>\n<li>SAP S\/4HANA, versiones \u2013 100, 101, 102, 103, 104, 105, 106;<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. January 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. The appearance of the remote code execution vulnerability associated with Log4j has increased&#8230;<\/p>\n","protected":false},"author":6,"featured_media":5726,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[61],"tags":[],"class_list":["post-6349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, January 2022 - Inprosec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, January 2022\" \/>\n<meta property=\"og:description\" content=\"Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. January 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. The appearance of the remote code execution vulnerability associated with Log4j has increased...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-13T07:49:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-11T15:18:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, January 2022\",\"datePublished\":\"2022-01-13T07:49:40+00:00\",\"dateModified\":\"2022-05-11T15:18:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/\"},\"wordCount\":1424,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/notas-enero-2022-1.jpg\",\"articleSection\":[\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/\",\"name\":\"SAP Security Notes, January 2022 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/notas-enero-2022-1.jpg\",\"datePublished\":\"2022-01-13T07:49:40+00:00\",\"dateModified\":\"2022-05-11T15:18:36+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/notas-enero-2022-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/notas-enero-2022-1.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2022\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, January 2022\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, January 2022 - Inprosec","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, January 2022","og_description":"Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. January 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. The appearance of the remote code execution vulnerability associated with Log4j has increased...","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/","og_site_name":"Inprosec","article_published_time":"2022-01-13T07:49:40+00:00","article_modified_time":"2022-05-11T15:18:36+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, January 2022","datePublished":"2022-01-13T07:49:40+00:00","dateModified":"2022-05-11T15:18:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/"},"wordCount":1424,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg","articleSection":["SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/","name":"SAP Security Notes, January 2022 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg","datePublished":"2022-01-13T07:49:40+00:00","dateModified":"2022-05-11T15:18:36+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/03\/notas-enero-2022-1.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2022\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, January 2022"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=6349"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6349\/revisions"}],"predecessor-version":[{"id":7788,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6349\/revisions\/7788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/5726"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=6349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=6349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=6349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}