SAP Security Notes Summary – July 2021

Once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Note | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 27.07.2021 |
| BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 27.07.2021 |
| IS-R-BD-PCT-IN | 2486446 | Missing Authorization check in Pricat Inbound and Pricat Outbound | 6,3 | 27.07.2021 |
| CA-VE-VEV | 3067890 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 13.07.2021 |
| CRM-MKT-SEG-TGR | 3066316 | [CVE-2021-33676] Missing authorization check in SAP CRM ABAP | 6,8 | 13.07.2021 |
| EP-PIN-NAV | 3059764 | [CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal) | 4,5 | 13.07.2021 |
| BC-GP | 3059446 | [CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures | 7,6 | 13.07.2021 |
| BC-JAS-WEB | 3056652 | [CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service) | 7,5 | 13.07.2021 |
| BI-LUM-SRV-BIP | 3053403 | [CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server | 5,4 | 13.07.2021 |
| BC-SRV-BP | 3048657 | [CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework) | 6,5 | 13.07.2021 |
| BC-MID-RFC-BG | 3044754 | [CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 13.07.2021 |
| BI-RA-WBI-FE-HTM | 3044751 | [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad) | 4,3 | 13.07.2021 |
| BC-JAS-ADM-ADM | 3038594 | [CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator) | 3,5 | 13.07.2021 |
| BC-MID-RFC | 3032624 | [CVE-2021-33684] Memory Corruption in SAP NetWeaver AS ABAP and ABAP Platform | 5,3 | 13.07.2021 |
| BC-MID-RFC | 3007182 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9 | 13.07.2021 |
| BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5,4 | 13.07.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.07.2021 |
| SCM-BAS-EHS-DG | 2688383 | Missing authorization check in Dangerous Goods Management of EHS Services in SCM | 6,3 | 13.07.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
