{"id":7677,"date":"2022-04-18T16:26:29","date_gmt":"2022-04-18T14:26:29","guid":{"rendered":"http:\/\/inprosec.com\/?p=7677"},"modified":"2023-12-28T11:55:28","modified_gmt":"2023-12-28T09:55:28","slug":"sap-security-notes-april-2022","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/","title":{"rendered":"SAP Security Notes, April 2022"},"content":{"rendered":"<p><strong>Inprosec, through its services such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<h2>April 2022 notes<\/h2>\n<h3>Summary and highlights of the month<\/h3>\n<p>The total number of notes\/patches has increased compared to last month. Alongside this increase in the total number of notes, the number of Hot News has also increased, from 4 notes last month to 8 in April. It should also be noted that the number of high criticality notes increased from 1 to 7 this month. As usual, we will not review the medium and low notes this month, but <strong>we will give details of a total of 15<\/strong> notes (all those with a CVSS of <span style=\"color: #cfb915;\">7<\/span> or higher).<\/p>\n<p>We have <strong>a total of 35 notes<\/strong> for the whole month, 18 more than last March (33 from Patch Tuesday, 23 new and 10 updates, which is 17 more than last month).<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>We have 8 critical notes (Hot News), 4 new and 4 updates<\/strong><\/span>, this month, which stand out for their high CVSS. We will also review in detail all 7 high notes (those with CVSS greater than or equal to <span style=\"color: #cfb915;\">7<\/span>), which this month are 3 updates and 4 new notes.<\/p>\n<ul>\n<li><strong>The most critical notes of the month (with CVSS <span style=\"color: #ff0000;\">10<\/span>) are 2. 
One is the usual Google Chromium note; the other affects SAP NetWeaver, SAP Content Server and SAP Web Dispatcher.<\/strong><\/li>\n<li>Next in <strong>criticality (CVSS <span style=\"color: #ff0000;\">9.9<\/span>)<\/strong> is a &#8220;Code Injection Vulnerability&#8221; note affecting SAP Manufacturing Integration and Intelligence.<\/li>\n<li>From there, we find 4 notes of very high criticality <strong>(CVSS <span style=\"color: #ff0000;\">9.8<\/span>)<\/strong>, all related to &#8220;Remote Code Execution&#8221; and affecting Spring Framework, SAP HANA Extended Application Services, SAP Customer Checkout and SAP PowerDesigner Web Portal.<\/li>\n<li>Finally, among the Hot News, the last note in <strong>criticality (CVSS <span style=\"color: #ff0000;\">9.1<\/span>)<\/strong> is of the type &#8220;Code injection vulnerability&#8221; and relates to SAP Manufacturing Integration and Intelligence.<\/li>\n<li>Among the high level notes, there are a total of 7, including one with <strong>CVSS<\/strong> <span style=\"color: #ff0000;\"><strong>8.9<\/strong><\/span> and two others with <strong><span style=\"color: #ff0000;\">8.2<\/span><\/strong>, related to HTTP Request Smuggling, Cross-Site Scripting (XSS) and a visible CSRF token. The rest (18) are medium and low level, and we will not look at them in detail.<\/li>\n<li>This month the most predominant note types are &#8220;Cross-Site Scripting (XSS)&#8221;, &#8220;Remote Code Injection&#8221;, &#8220;Information Disclosure&#8221; and &#8220;Denial of Service&#8221;, all with 4\/33 and 4\/35 on patch day.<\/li>\n<\/ul>\n<p>In the graph (post April 2022 by SAP) we can see the <span style=\"text-decoration: underline;\"><strong>ranking of the April notes<\/strong><\/span> in addition to the evolution and ranking of the last 5 previous months (only the notes of Sec. 
Tuesday \/ Patch Day &#8211; by SAP):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter  wp-image-7687\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg\" alt=\"\" width=\"700\" height=\"368\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1-300x158.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1-1024x538.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1-600x315.jpg 600w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<h3>Full details<\/h3>\n<p>The<span style=\"text-decoration: underline;\"><strong> full details of the most relevant notes<\/strong><\/span> are as follows:<\/p>\n<ol>\n<li><strong><u>Update \u2013 Security updates for the browser control Google Chromium delivered with SAP Business Client (2622660):<\/u><\/strong>\u00a0This security note addresses multiple vulnerabilities in the 3rd party web browser control Chromium, which can be used within SAP Business Client. This note will be modified periodically based on web browser updates by the open source project Chromium. The note priority is based on the highest CVSS score of all the vulnerabilities fixed in the latest browser release. If the SAP Business Client release is not updated to the latest patch level, displaying web pages in SAP Business Client via this open source browser control might lead to different vulnerabilities like memory corruption, Information Disclosure and the like. 
The solution is to update SAP Business Client to the newest patch level, which contains the most current stable major release of the Chromium browser control that has passed the SAP internal quality measurements of SAP Business Client.\u00a0<strong>CVSS v3 Base Score<\/strong>:\u00a0<span style=\"color: #ff0000;\"><strong>10<\/strong>\u00a0<\/span>\/ 10 (Multiple CVEs).<\/li>\n<li><strong><u>Update \u2013 Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher (3123396):<\/u><\/strong>\u00a0This security note addresses the vulnerability of SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher to request smuggling and request concatenation. As a result, an unauthenticated attacker can prepend a victim\u2019s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. The correction requires patching both SAP Web Dispatcher and SAP Kernel; the patch solves the security issue completely.\u00a0<strong>CVSS v3 Base Score<\/strong>:\u00a0<span style=\"color: #ff0000;\"><strong>10<\/strong>\u00a0<\/span>\/ 10 (CVE-2022-22536).<\/li>\n<li><strong><u>Update \u2013 Code injection vulnerability in SAP Manufacturing Integration and Intelligence (3022622):<\/u><\/strong>\u00a0SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. 
When this dashboard is opened by users having at least the SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The update indicates that this solution is now obsolete; for the complete fix, implement SAP security note\u00a0<strong>3158613<\/strong>.\u00a0<strong>CVSS v3 Base Score<\/strong>:\u00a0<span style=\"color: #ff0000;\"><strong>9.9<\/strong><\/span>\u00a0\/ 10 (CVE-2021-21480).<\/li>\n<li><strong><u>Central Security Note for Remote Code Execution vulnerability associated with Spring Framework (3170990):<\/u><\/strong>\u00a0This security note is the central document consolidating all SAP Security Notes released for the Remote Code Execution vulnerability associated with Spring Framework (CVE-2022-22965).<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">9.8\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-22965).<\/li>\n<li><strong><u>Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services (3189428):<\/u><\/strong>\u00a0SAP HANA Extended Application Services uses a version of Spring Framework which has a Remote Code Execution vulnerability (CVE-2022-22965). The solution is to update SAP HANA XS, advanced model to version 1.0.145 or greater.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">9.8\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-22965).<\/li>\n<li><strong><u>Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout (3187290):<\/u><\/strong>\u00a0SAP Customer Checkout uses a version of Spring Framework which has a Remote Code Execution vulnerability (CVE-2022-22965). 
To prevent exploitation of this vulnerability, update to one of the following versions, which use a newer version of Spring Framework: SAP Customer Checkout 2.0 FP13 PL01 or higher, SAP Customer Checkout 2.0 FP12 PL10 or higher, SAP Customer Checkout 2.0 FP11 PL09 or higher.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">9.8<\/span>\u00a0\/ 10<\/strong>\u00a0(CVE-2022-22965).<\/li>\n<li><strong><u>Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (upto including 16.7 SP05 PL01) (3189429):<\/u><\/strong>\u00a0PowerDesigner Web uses a version of Spring Framework which has a Remote Code Execution vulnerability (CVE-2022-22965).<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">9.8<\/span>\u00a0\/ 10<\/strong>\u00a0(CVE-2022-22965).<\/li>\n<li><strong><u>Update \u2013 Code injection vulnerability in SAP Manufacturing Integration and Intelligence (3158613):<\/u><\/strong>\u00a0This security note is an update to security note 3022622. The fix provided in security note 3022622 is no longer valid. SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. When this dashboard is opened by users having at least the SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. A Virus Scan interface has been implemented for all file upload\/import scenarios within MII. A NetWeaver Administrator should configure and enable the Virus Scan profile \u00abXMII_VSI\u00bb, which will then be used by MII. MII will support the BLOCKEXTENSIONS and BLOCKMIMETYPES parameters provided by the profile. Using the virus scanner profile, the NetWeaver Administrator can restrict JSP creation by an XMII developer. 
<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">9.1\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2021-21480).<\/li>\n<li><strong><u>Update \u2013 HTTP Request Smuggling in SAP Web Dispatcher (3080567):<\/u><\/strong>\u00a0An unauthenticated attacker can submit a maliciously crafted request over a network to a front-end server which may, over a number of attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources, making it temporarily unavailable. Update your SAP Web Dispatcher. This correction is delivered with the kernel archive SAPWEBDISP.SAR.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">8.9<\/span>\u00a0\/ 10<\/strong>\u00a0(CVE-2021-38162).<\/li>\n<li><strong><u>CSRF token visible in one of the URL in SAP Business Intelligence Platform. (3130497):<\/u><\/strong>\u00a0A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability. This issue is fixed in the patches listed in the \u00abSupport Packages &amp; Patches\u00bb section in the note.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">8.2\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-27671).<\/li>\n<li><strong><u>Update \u2013 Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad (3149805):<\/u><\/strong>\u00a0It patches a Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad. Our research team detected that SAP Fiori launchpad allows an unauthenticated attacker to manipulate the SAP-theme URL parameter, inject HTML code, and create a link over the network for a user to click on. Once the link is clicked, successful exploitation allows the attacker to hijack user privileges that can be used to exfiltrate data and craft a CSRF attack to manipulate data. 
This can limit the application\u2019s confidentiality and pose risks to its integrity, as well as increase the likelihood of it being completely compromised.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">8.2\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-26101).<\/li>\n<li><strong><u>Update \u2013 HTTP Request Smuggling in SAP NetWeaver Application Server Java (3123427):<\/u><\/strong>\u00a0SAP NetWeaver Application Server Java is vulnerable to HTTP request smuggling. Due to this vulnerability, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling, which could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim\u2019s logon session. Besides, due to improper error handling, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer, which could result in system shutdown rendering the system unavailable. These vulnerabilities have been fixed by proper memory handling for HTTP pipeline requests. This correction is contained in all patch levels that are equal to or higher than the patch level listed in the \u00abSupport Package Patches\u00bb section of this SAP Note for the desired kernel release.\u00a0<strong>CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">8.1\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-22532).<\/li>\n<li><strong><u>Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce (3155609):<\/u><\/strong>\u00a0SAP Commerce contains an Apache Tomcat application server that has a known vulnerability (CVE-2022-23181). Configuring Tomcat to use FileStore to persist sessions can expose your SAP Commerce system to a time of check, time of use vulnerability that allows attackers to perform actions with the privileges of the user that the Tomcat process is using. 
The following SAP Commerce patch releases contain the upgraded Tomcat: SAP Commerce Cloud Patch Release 2105.10, SAP Commerce Cloud Patch Release 2011.20, SAP Commerce Cloud Patch Release 2005.25, SAP Commerce Cloud Patch Release 1905.41.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">7.5<\/span>\u00a0\/ 10<\/strong>\u00a0(CVE-2022-28772).<\/li>\n<li><strong><u>Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager) (3111311):<\/u><\/strong>\u00a0With overlong input values, an attacker may force an overwrite of the internal program stack in SAP Web Dispatcher or Internet Communication Manager, which makes these programs unavailable. Use SAPWEBDISP.SAR to patch standalone SAP Web Dispatcher. Use dw.sar or SAPEXE.SAR and SAPEXEDB.SAR to patch both ICM and embedded SAP Web Dispatcher. The correction is contained in all patch levels that are equal to or higher than the patch level listed in the \u00abSupport Package Patches\u00bb section of this SAP Note for the desired kernel release.<strong>\u00a0CVSS v3 Base Score:\u00a0<span style=\"color: #ff0000;\">7.0\u00a0<\/span>\/ 10<\/strong>\u00a0(CVE-2022-28772).<\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Reference links from INCIBE-CERT on the publication of the notes for April:<\/p>\n<p><a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-abril-2022\" target=\"_blank\" rel=\"noopener\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-abril-2022<\/a><\/p>\n<p>Other references, from SAP and Onapsis (April):<\/p>\n<p><a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\">https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10<\/a><\/p>\n<p><a 
href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-april-2022-focus-spring4shell-and-sap-mii\">https:\/\/onapsis.com\/blog\/sap-security-patch-day-april-2022-focus-spring4shell-and-sap-mii<\/a><\/p>\n<h3 style=\"font-weight: 400;\"><strong><u>Resources affected<\/u><\/strong><\/h3>\n<div class=\"w-post-elm post_content\">\n<ul>\n<li>Fiori Launchpad, versions 754, 755 and 756;<\/li>\n<li>SAP 3D Visual Enterprise Viewer, version 9;<\/li>\n<li>SAP Business Client, version 6.5;<\/li>\n<li>SAP BusinessObjects Business Intelligence Platform (BI Workspace), version 420;<\/li>\n<li>SAP BusinessObjects Business Intelligence Platform, versions 420 and 430;<\/li>\n<li>SAP BusinessObjects Enterprise (Central Management Server), versions 420 and 430;<\/li>\n<li>SAP Commerce, versions 1905, 2005, 2105 and 2011;<\/li>\n<li>SAP Content Server, version 7.53;<\/li>\n<li>SAP Customer Checkout, version 2.0;<\/li>\n<li>SAP Customer Checkout_SVR, version 2.0;<\/li>\n<li>SAP Focused Run (Simple Diagnostics Agent), version 1.0;<\/li>\n<li>SAP HANA Extended Application Services, version 1;<\/li>\n<li>SAP Innovation Management, version 2;<\/li>\n<li>SAP Manufacturing Integration and Intelligence, versions 15.1, 15.2, 15.3 and 15.4;<\/li>\n<li>SAP NetWeaver:\n<ul>\n<li>ABAP Server and ABAP Platform, versions 740, 750 and 787;<\/li>\n<li>Application Server for Java, version 7.50;<\/li>\n<li>Application Server Java, versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 and 7.53;<\/li>\n<li>Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50;<\/li>\n<li>EP Web Page Composer, versions 7.20, 7.30, 7.31, 7.40 and 7.50;<\/li>\n<li>Internet Communication Manager, versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 and 7.86;<\/li>\n<li>SAP NetWeaver and ABAP Platform, versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 
7.22, 7.22EXT and 7.49;<\/li>\n<li>SAP NetWeaver Application Server ABAP and ABAP Platform, versions 700, 710, 711, 730, 731, 740 and 750-756;<\/li>\n<li>SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel), versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT and 7.49;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>SAP SQL Anywhere Server, version 17.0;<\/li>\n<li>SAP Web Dispatcher, versions 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83, 7.85, 7.86 and 7.87;<\/li>\n<li>SAP S\/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer), versions 104, 105 and 106;<\/li>\n<li>SAPUI5 (vbm library), versions 750, 753, 754, 755 and 756;<\/li>\n<li>SAPUI5, versions 750, 753, 754, 755, 756 and 200.<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. April 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. 
In addition to this increase in the total number of notes, the number&#8230;<\/p>\n","protected":false},"author":6,"featured_media":7687,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[],"class_list":["post-7677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, April 2022 - Inprosec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, April 2022\" \/>\n<meta property=\"og:description\" content=\"Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. April 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. 
In addition to this increase in the total number of notes, the number...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-18T14:26:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-28T09:55:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, April 2022\",\"datePublished\":\"2022-04-18T14:26:29+00:00\",\"dateModified\":\"2023-12-28T09:55:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/\"},\"wordCount\":2124,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/notas-abril-2022-1.jpg\",\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/\",\"name\":\"SAP Security Notes, April 2022 - 
Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/notas-abril-2022-1.jpg\",\"datePublished\":\"2022-04-18T14:26:29+00:00\",\"dateModified\":\"2023-12-28T09:55:28+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/notas-abril-2022-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/notas-abril-2022-1.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-april-2022\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, April 2022\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our 
priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, April 2022 - Inprosec","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, April 2022","og_description":"Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. April 2022 notes Summary and highlights of the month The total number of notes\/patches has increased compared to last month. 
In addition to this increase in the total number of notes, the number...","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/","og_site_name":"Inprosec","article_published_time":"2022-04-18T14:26:29+00:00","article_modified_time":"2023-12-28T09:55:28+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, April 2022","datePublished":"2022-04-18T14:26:29+00:00","dateModified":"2023-12-28T09:55:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/"},"wordCount":2124,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg","articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/","name":"SAP Security Notes, April 2022 - 
Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg","datePublished":"2022-04-18T14:26:29+00:00","dateModified":"2023-12-28T09:55:28+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2022\/04\/notas-abril-2022-1.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-april-2022\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, April 2022"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our 
priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/7677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=7677"}],"version-history":[{"count":4,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/7677\/revisions"}],"predecessor-version":[{"id":9796,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/7677\/revisions\/9796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/7687"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=7677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=7677"},{"taxonomy":"post_tag","embeddable
":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=7677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}