SAP Security Notes Summary – August 2021
Traditionally, once a month I'll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP's expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | SAP Notes | Title | CVSS Score | Released On |
---|---|---|---|---|
SBO-CRO-SEC | 3071984 | [CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One | 9,9 | 24.08.2021 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 24.08.2021 |
BC-CST-WDP | 3057378 | Missing Authentication check in SAP Web Dispatcher | 8,8 | 10.08.2021 |
BC-UPG-NZ | 3078312 | [CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation | 9,1 | 10.08.2021 |
EP-KM-CM | 3076399 | [CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management) | 6,1 | 10.08.2021 |
EP-PIN-URL-UIV | 3074844 | [CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal | 8,1 | 10.08.2021 |
EP-PIN-NAV | 3073681 | [CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 8,3 | 10.08.2021 |
BC-CTS-DI | 3073450 | [CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service) | 6,9 | 10.08.2021 |
SBO-CRO-SEC | 3073325 | [CVE-2021-33700] Missing Authentication check in SAP Business One | 7 | 10.08.2021 |
BC-CTS-CBS-SRV | 3072955 | [CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service) | 9,9 | 10.08.2021 |
EP-PIN-NAV | 3072920 | [CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 8,3 | 10.08.2021 |
MOB-FC | 3067219 | [CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android | 7,6 | 10.08.2021 |
BI-BIP-INV | 3063048 | [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) | 4,7 | 10.08.2021 |
BC-MID-SCC | 3058553 | [CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector | 6,8 | 10.08.2021 |
BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 10.08.2021 |
CRM-MW | 2675775 | Switchable Authorization checks for RFC in CRM Middleware | 6,3 | 10.08.2021 |
SBO-CRO-SEC | 3078072 | [CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer) | 6,3 | 10.08.2021 |
BI-RA-CR-VW | 3062085 | [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) | 5,4 | 10.08.2021 |
*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.