{"id":8579,"date":"2023-01-11T12:04:56","date_gmt":"2023-01-11T10:04:56","guid":{"rendered":"http:\/\/inprosec.com\/?p=8579"},"modified":"2023-12-28T11:49:26","modified_gmt":"2023-12-28T09:49:26","slug":"sap-security-notes-january-2023","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/","title":{"rendered":"SAP Security Notes, January 2023"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<h2>January 2023 notes<\/h2>\n<h3>Summary and highlights of the month<\/h3>\n<p>The total number of notes\/patches was 12, 8 less than last month. The number of Hot News increased from 5 to 7 this month. On the other hand, it is worth noting that the number of high criticality notes decreases, as there are none this month. As usual we will leave the medium and low notes unchecked this month, but w<strong>e will give details of a total of 7 notes<\/strong> (all those with a CVSS of<span style=\"color: #bbc40c;\"> 7<\/span> or higher).<\/p>\n<p>We have <strong>a total of 12 notes<\/strong> for the whole month (the 12 from Patch Tuesday, 9 new and 3 updates, that&#8217;s 7 notes less than last month).<\/p>\n<p>We will review in detail the<strong> 7 HotNews<\/strong>, 4 of the 7 HotNews are new:<\/p>\n<ol>\n<li><strong>The most critical notes of the month<\/strong> (with <strong>CVSS <span style=\"color: #ff0000;\">9.9<\/span><\/strong>) are 4 HotNews, 2 new, one related to Business Planning and Consolidation, <strong>&#8220;SQL Injection vulnerability in SAP Business Planning and Consolidation MS&#8221;<\/strong> and the other one related to Business Intelligence Platform, <strong>&#8220;Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform&#8221;<\/strong>, the following 2 notes, are updates, one related to <strong>&#8220;Improper access control in SAP NetWeaver Process Integration&#8221;<\/strong>, update of a note published in the Patch Day of December 2022, the other updated note is related to Business Intelligence Platform <strong>&#8220;Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)&#8221;<\/strong>, update of a note published in the Patch Day of November 2022.<\/li>\n<li>The next in criticality (with <strong>CVSS <span style=\"color: #ff0000;\">9.4<\/span><\/strong>) are 2 HotNews, one related to &#8220;<strong>Improper access control in SAP NetWeaver AS for Java<\/strong>&#8221; and the other related to &#8220;<strong>Improper access control in SAP NetWeaver Process Integration&#8221; (Messaging System)<\/strong>, this last note is an update of a note released in the Patch Day December 2022.<\/li>\n<li>The next criticality note (with <strong>CVSS <span style=\"color: #ff0000;\">9.0<\/span><\/strong>) is related to &#8220;<strong>Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform<\/strong>&#8220;.<\/li>\n<li>This month the most predominant type is &#8220;Cross-Site Scripting (XSS)&#8221; ( 3\/12 in patch day).<\/li>\n<\/ol>\n<p>In the graph (post January 2023 from SAP) we can see the <span style=\"text-decoration: underline;\"><strong>ranking of the January notes<\/strong><\/span> in addition to the evolution and ranking of the last 5 previous months (only the notes of Sec. Tuesday \/ Patch Day &#8211; by SAP):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-8581\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg\" alt=\"\" width=\"700\" height=\"367\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero-300x158.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero-1024x538.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero-600x315.jpg 600w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/p>\n<h3>Full details<\/h3>\n<p>The <strong>complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n<ol>\n<li><strong><u>SQL Injection vulnerability in SAP Business Planning and Consolidation MS (3275391<\/u><\/strong><strong>)<\/strong> AP\u00a0Business Planning and Consolidation MS allows an unauthorized attacker to execute crafted database queries. An exploitation of this issue could allow an attacker to access, modify, and\/or delete data from the backend database.. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,9<\/span> \/ 10 [CVE-2023-0016].<\/strong><\/li>\n<li><strong><u>Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (3262810):<\/u><\/strong> SAP BusinessObjects Business Intelligence Analysis\u00a0edition for OLAP\u00a0allows an authenticated attacker to inject malicious code that can be executed by the application over the network.\u00a0On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and\u00a0availability of the application. . <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,9<\/span> \/ 10 [CVE-2023-0022].<\/strong><\/li>\n<li><strong><u>Update &#8211; Improper access control in SAP NetWeaver Process Integration (User Defined Search) (3273480<\/u><\/strong>): An\u00a0unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the\u00a0<em>User Defined Search (UDS) of SAP NetWeaver Process Integration (PI)<\/em>\u00a0and make use of an open naming and directory api to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access for user data, to make limited modifications to user data and to degrade performance of the system, leading to high impact on confidentiality and limited impact on availability and integrity of the application. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,9<\/span> \/ 10 [CVE-2022-41272].<\/strong><\/li>\n<li><strong><u>Update &#8211; Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) (3243924<\/u><\/strong>): There is no verification in the de-serialization process, in some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with malicious serialized one, which leads to deserialization of untrusted data vulnerability. Note update includes a workaround. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,9<\/span> \/ 10 <\/strong><strong>[CVE-2022-41203].<\/strong><\/li>\n<li><strong><u>Update &#8211; Improper access control in SAP NetWeaver Process Integration (Messaging System) (3267780): <\/u><\/strong>An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI). This user can make use of an open naming and directory api to access services which could perform unauthorized operations. The vulnerability affects local users and data, leading to considerable impact on confidentiality as well availability and also limited impact on integrity of the application. These operations can be used to read any information ,modify sensitive information ,Denial of Service attacks (DoS) and SQL injection. This note has been reissued with the correction of SP017 and SP018 of version 7.50.<strong> CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,4<\/span> \/ 10 [CVE-2022-41271].<\/strong><\/li>\n<li><strong><u>Improper access control in SAP NetWeaver AS for Java (3268093<\/u><\/strong><strong>):<\/strong> An unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access for user data, to make modifications to user data and to make particular services within the system unavailable. <strong>CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,4<\/span> \/ 10 [CVE-2023-0017].<\/strong><\/li>\n<li><strong><u>Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (3089413<\/u><\/strong>): The system identification hash is not unique, SAP NetWeaver ABAP Server and ABAP Platform creates information about system identity in an ambiguous format. This may be exploited by malicious users to obtain illegitimate access to the system, with this note the system ID will become unique.<strong> CVSS v3 Base Score: <span style=\"color: #ff0000;\">9,0<\/span> \/ 10 [CVE-2023-0014].<\/strong><\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Other references, from SAP and Onapsis (January):<\/p>\n<p><a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\">Digital Library (sap.com)<\/a><\/p>\n<p><a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-january-2023\">SAP Patch Day: January 2023 &#8211; Onapsis<\/a><\/p>\n<h3 style=\"font-weight: 400;\"><strong><u>Resources affected<\/u><\/strong><\/h3>\n<div class=\"w-post-elm post_content\">\n<ul>\n<li>SAP BPC MS 10.0, Versions -800, 810<\/li>\n<li>SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP), Versions -420, 430<\/li>\n<li>SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad), Versions -4.2, 4.3<\/li>\n<li>SAP NetWeaver ABAP Server and ABAP Platform, Versions-SAP_BASIS 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT<\/li>\n<li>SAP NetWeaver AS for Java, Version \u20137.50<\/li>\n<li>SAP NetWeaver Process Integration, Version \u20137.50<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. January 2023 notes Summary and highlights of the month The total number of notes\/patches was 12, 8 less than last month. The number of Hot News increased from 5 to 7 this month&#8230;.<\/p>\n","protected":false},"author":6,"featured_media":8581,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[],"class_list":["post-8579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, January 2023 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, January 2023\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-11T10:04:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-28T09:49:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, January 2023\",\"datePublished\":\"2023-01-11T10:04:56+00:00\",\"dateModified\":\"2023-12-28T09:49:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/\"},\"wordCount\":1046,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/notas-sap-enero.jpg\",\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/\",\"name\":\"SAP Security Notes, January 2023 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/notas-sap-enero.jpg\",\"datePublished\":\"2023-01-11T10:04:56+00:00\",\"dateModified\":\"2023-12-28T09:49:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/notas-sap-enero.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/notas-sap-enero.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2023\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, January 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, January 2023 - Inprosec","description":"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, January 2023","og_description":"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/","og_site_name":"Inprosec","article_published_time":"2023-01-11T10:04:56+00:00","article_modified_time":"2023-12-28T09:49:26+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, January 2023","datePublished":"2023-01-11T10:04:56+00:00","dateModified":"2023-12-28T09:49:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/"},"wordCount":1046,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg","articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/","name":"SAP Security Notes, January 2023 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg","datePublished":"2023-01-11T10:04:56+00:00","dateModified":"2023-12-28T09:49:26+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from January 2023, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2023\/01\/notas-sap-enero.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, January 2023"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=8579"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8579\/revisions"}],"predecessor-version":[{"id":9787,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/8579\/revisions\/9787"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/8581"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=8579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=8579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=8579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}