Symptom
1. A security scan was run on the HANA server, and the report shows warnings for the CVE-2022-22970 and CVE-2022-22971 vulnerabilities.
https://tanzu.vmware.com/security/cve-2022-22970
https://tanzu.vmware.com/security/cve-2022-22971
2. These vulnerabilities concern the spring-core library.
3. The latest XSA (1.0.148) and HANA Cockpit (2.14.11) are already installed.
Environment
SAP HANA XS, advanced model
Keywords
DoS, Denial of Service, spring, Data Binding, Spring Framework Advisory, host scanned, CVE-2022-22970, CVE-2022-22971, KBA, HAN-CPT-CPT2-SEC, SAP HANA Cockpit 2 (Security), HAN-DB-SEC, SAP HANA Security & User Management, BC-XS-SEC, UAA and Security for HANA XSA engine, Problem
About this page
This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).