SAP Security Notes Summary – July 2021

Once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Notes | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 27.07.2021 |
| BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 27.07.2021 |
| IS-R-BD-PCT-IN | 2486446 | Missing Authorization check in Pricat Inbound and Pricat Outbound | 6,3 | 27.07.2021 |
| CA-VE-VEV | 3067890 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 13.07.2021 |
| CRM-MKT-SEG-TGR | 3066316 | [CVE-2021-33676] Missing authorization check in SAP CRM ABAP | 6,8 | 13.07.2021 |
| EP-PIN-NAV | 3059764 | [CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal) | 4,5 | 13.07.2021 |
| BC-GP | 3059446 | [CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures | 7,6 | 13.07.2021 |
| BC-JAS-WEB | 3056652 | [CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service) | 7,5 | 13.07.2021 |
| BI-LUM-SRV-BIP | 3053403 | [CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server | 5,4 | 13.07.2021 |
| BC-SRV-BP | 3048657 | [CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework) | 6,5 | 13.07.2021 |
| BC-MID-RFC-BG | 3044754 | [CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 13.07.2021 |
| BI-RA-WBI-FE-HTM | 3044751 | [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad) | 4,3 | 13.07.2021 |
| BC-JAS-ADM-ADM | 3038594 | [CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator) | 3,5 | 13.07.2021 |
| BC-MID-RFC | 3032624 | [CVE-2021-33684] Memory Corruption in SAP NetWeaver AS ABAP and ABAP Platform | 5,3 | 13.07.2021 |
| BC-MID-RFC | 3007182 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9 | 13.07.2021 |
| BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5,4 | 13.07.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.07.2021 |
| SCM-BAS-EHS-DG | 2688383 | Missing authorization check in Dangerous Goods Management of EHS Services in SCM | 6,3 | 13.07.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
