SAP GUI chronicle – even you are using NWBC client, can you ignore web browser vulnerability? (17th Feb 2023)

Preface: It was the periodically recurring SAP Security Note #2622660 which patches the latest Chromium vulnerabilities for SAP Business Client.

Background: Difference between SAP NWBC and SAP GUI?
Web Dynpro is the SAP NetWeaver programming model for user interfaces (UIs).
– Using SAP GUI, when you execute WD (Web Dynpro) application, it opens in a browser.

-The SAP NetWeaver Business Client enables direct connectivity to the ABAP back-end system and PFCG role repository centrally holding SAP GUI, Web Dynpro and various Web content applications. NWBC provides role-based access to applications either.

Remark: SAP GUI is a prerequsite of NWBC client. You will still require SAP GUI to be installed on the desktop.

Update – Security updates for the browser control Google Chromium delivered with SAP Business Client (2622660): This security note addresses multiple vulnerabilities in the 3rd party web browser control Chromium, which can be used within SAP Business Client. This note will be modified periodically based on web browser updates by the open-source project Chromium. The note priority is based on the highest CVSS score of all the vulnerabilities fixed in the latest browser release. If the SAP Business Client release is not updated to the latest patch level, displaying web pages in SAP Business Client via this open-source browser control might lead to different vulnerabilities like memory corruption, Information Disclosure and the like. The solution will be to update the SAP Business Client patch to the newest one, which contains the most current stable major release of the Chromium browser control, which passed the SAP internal quality measurements of SAP Business Client. CVSS v3 Base Score: 10 / 10 (Multiple CVE´s).

Technical articles: SAP Security Patch Day (February 2023. For details, please refer to the url link –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.