SAP Knowledge Base Article - Preview

3361539 - [CVE-2022-48285] SAP_UI contains vulnerable 3rd party packages - which can cause Arbitrary File Write


  • SAP ABAP UI5 based applications has a vulnerability caused by an outdated UI5 component delivered by SAP
  • The application is currently using the JSZip package version 3.7.1.
  • This package has known security vulnerabilities which can cause Arbitrary File Write, under certain circumstances
  • Are there already any SAP UI5 Versions available that contain a newer jszip package an in case yes, which?
  • How does SAP ensure the patching of vulnerable 3rd party products within SAP UI5?



SAPUI5 1.71.55


SAPUI5 1.0


"SAP_UI contains vulnerable 3rd party packages","CVE-2022-48285","known security vulnerabilities which can cause Arbitrary File Write" , KBA , CA-UI5-TBL , SAP UI5 table, smart table, list and tree controls , CA-UI5-COR , Core and Runtime , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.