SAP Security Notes Summary – December 2021

Traditionally, once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Components | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| XX-SER-SN | 3131047 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component | 10 | 31.12.2021 |
| IOT-EDG-OD | 3132515 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition | 10 | 30.12.2021 |
| XX-PART-ADB-IFM | 3131691 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0) | 5,5 | 30.12.2021 |
| BC-XI-CON-JWS | 3133005 | [CVE-2021-45105] Denial of service (DOS) associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 6,5 | 28.12.2021 |
| BC-XS-ADM | 3131397 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit | 10 | 24.12.2021 |
| BC-XS-ADM | 3134531 | [CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit | 7,5 | 24.12.2021 |
| BC-XS-ADM | 3132822 | Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit | 9 | 24.12.2021 |
| KM-WPB-MGR | 3132964 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager | 10 | 24.12.2021 |
| OPU-API-OD-DT | 3132162 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool) | 10 | 24.12.2021 |
| IOT-EDG-OP | 3132909 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition | 10 | 24.12.2021 |
| LOD-CRM-GW-LN | 3132074 | [CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn | 8 | 23.12.2021 |
| IS-SE-CCO | 3133772 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout | 10 | 22.12.2021 |
| CA-GTF-CSC-EDO-IN-DC | 3132177 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India | 10 | 22.12.2021 |
| BC-NEO-SVC-IOT | 3132922 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform | 10 | 21.12.2021 |
| BC-CP-XF-KYMA | 3132744 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma | 10 | 21.12.2021 |
| BC-CP-CF-RT | 3130578 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry | 10 | 21.12.2021 |
| BC-VCM-LVM | 3132198 | [CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management | 9,8 | 20.12.2021 |
| IS-PMED-HPH | 3131824 | [CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 – Fhirserver | 8 | 20.12.2021 |
| BC-XI-CON-JWS | 3132204 | [CVE-2021-45046] Denial of service (DOS) associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 8,5 | 20.12.2021 |
| CA-VE-VEV | 3121165 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 17.12.2021 |
| BC-XS-RT | 3131258 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA | 10 | 16.12.2021 |
| BC-XI-CON-JWS | 3130521 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration | 9,9 | 16.12.2021 |
| LOD-SF-FWK | 3077635 | [CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices | 7,8 | 14.12.2021 |
| GRC-ACP | 3080816 | [CVE-2021-44233] Missing Authorization check in GRC Access Control | 2,4 | 14.12.2021 |
| BC-INS-TC-CNT | 3123196 | [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP | 8,4 | 14.12.2021 |
| BC-DOC-TTL | 3119365 | [CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools) | 9,9 | 14.12.2021 |
| CEC-COM-CPS-COR | 3114134 | [CVE-2021-42064] SQL Injection vulnerability in SAP Commerce | 8,8 | 14.12.2021 |
| CEC-COM-CPS-COR | 3113593 | Denial of service (DOS) in SAP Commerce | 7,5 | 14.12.2021 |
| CEC-COM-CPS-WEB-CAI | 3109577 | Code Execution vulnerability in SAP Commerce, localization for China | 9,9 | 14.12.2021 |
| BC-VCM-LVM | 3107332 | Missing Authorization Check in SAP Landscape Management | 6,6 | 14.12.2021 |
| BI-RA-WBI-FE-HTM | 3103677 | [CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence) | 4,1 | 14.12.2021 |
| KM-KW-HTA | 3102769 | [CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse | 8,8 | 14.12.2021 |
| CA-FLP-ABA | 3051005 | Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad | 3,5 | 14.12.2021 |
| FI-LOC-SAF | 3124094 | [CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework | 7,7 | 14.12.2021 |
| CA-UI5-DLV | 2843016 | [CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler | 4,3 | 14.12.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 14.12.2021 |
| IS-ADEC-ETM | 2484231 | Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services) | 4,3 | 14.12.2021 |
source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
