SAP Knowledge Base Article - Preview

3227298 - CVE-2022-22970 and CVE-2022-22971 vulnerabilities are detected in HANA XSA server

Symptom

1. A security scan run on the HANA server reports warnings for the CVE-2022-22970 and CVE-2022-22971 vulnerabilities.

https://tanzu.vmware.com/security/cve-2022-22970

https://tanzu.vmware.com/security/cve-2022-22971

2. These vulnerabilities relate to the spring-core library.

3. The latest XSA (1.0.148) and HANA Cockpit (2.14.11) are already installed.



Environment

SAP HANA XS, advanced model

Keywords

DoS, Denial of Service, spring, Data Binding, Spring Framework Advisory, host scanned, CVE-2022-22970, CVE-2022-22971, KBA, HAN-CPT-CPT2-SEC, SAP HANA Cockpit 2 (Security), HAN-DB-SEC, SAP HANA Security & User Management, BC-XS-SEC, UAA and Security for HANA XSA engine, Problem

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (login required).
