SAP Security Patch Day 06/2022

“No pearls today!”

With this quote from episode 39 of “The Three Detectives ???”, the author reveals himself to be a fan of the radio play series about Justus, Peter, and Bob from Rocky Beach. In the episode “The Pearl Birds”, this message is sent to inform that no pearl can be captured that day.

And like good detectives, security officers sometimes must exercise patience and just do the diligence work – without anything countable coming out right away. And that’s how the June patch day feels, which we want to apply in the usual manner to our own HCM system.

The highest priority is the ongoing note 2622660 with a CVSS value of maximum 10.0, describing the updates to the Google Chromium Plugin in SAP Business Client. As also described in our February 2022 blog, we recommend regularly updating the SAP Business Client.

The note with the second highest criticality of CVSS = 8.6 has the number 3158375, where a vulnerability in the SAP Router is addressed via patching this component. The SAP Router is a “middleware” which controls the connection between SAP systems or also the outside world (non-SAP). Since this is not an ABAP-based fix, the execution of the patching typically belongs to the Basis team and should be coordinated in a timely manner.

The other SAP Security Notes of the June patch day have on the one hand a lower priority, on the other hand they cannot be applied to our system, because the components are not available or have the wrong status. So just: “No pearls today!”