SAP Security Notes Summary – August 2021

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Notes | Title | CVSS Score | Released On |
|---|---|---|---|---|
| SBO-CRO-SEC | 3071984 | [CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One | 9,9 | 24.08.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 24.08.2021 |
| BC-CST-WDP | 3057378 | Missing Authentication check in SAP Web Dispatcher | 8,8 | 10.08.2021 |
| BC-UPG-NZ | 3078312 | [CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation | 9,1 | 10.08.2021 |
| EP-KM-CM | 3076399 | [CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management) | 6,1 | 10.08.2021 |
| EP-PIN-URL-UIV | 3074844 | [CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal | 8,1 | 10.08.2021 |
| EP-PIN-NAV | 3073681 | [CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 8,3 | 10.08.2021 |
| BC-CTS-DI | 3073450 | [CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service) | 6,9 | 10.08.2021 |
| SBO-CRO-SEC | 3073325 | [CVE-2021-33700] Missing Authentication check in SAP Business One | 7 | 10.08.2021 |
| BC-CTS-CBS-SRV | 3072955 | [CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service) | 9,9 | 10.08.2021 |
| EP-PIN-NAV | 3072920 | [CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 8,3 | 10.08.2021 |
| MOB-FC | 3067219 | [CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android | 7,6 | 10.08.2021 |
| BI-BIP-INV | 3063048 | [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) | 4,7 | 10.08.2021 |
| BC-MID-SCC | 3058553 | [CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector | 6,8 | 10.08.2021 |
| BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 10.08.2021 |
| CRM-MW | 2675775 | Switchable Authorization checks for RFC in CRM Middleware | 6,3 | 10.08.2021 |
| SBO-CRO-SEC | 3078072 | [CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer) | 6,3 | 10.08.2021 |
| BI-RA-CR-VW | 3062085 | [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) | 5,4 | 10.08.2021 |

source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2021. SAPBasisWorld.com