SAP Security Notes Summary – July 2021
Once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | SAP Notes | Title | CVSS Score | Released On |
---|---|---|---|---|
CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 27.07.2021 |
BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 27.07.2021 |
IS-R-BD-PCT-IN | 2486446 | Missing Authorization check in Pricat Inbound and Pricat Outbound | 6,3 | 27.07.2021 |
CA-VE-VEV | 3067890 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 13.07.2021 |
CRM-MKT-SEG-TGR | 3066316 | [CVE-2021-33676] Missing authorization check in SAP CRM ABAP | 6,8 | 13.07.2021 |
EP-PIN-NAV | 3059764 | [CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal) | 4,5 | 13.07.2021 |
BC-GP | 3059446 | [CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures | 7,6 | 13.07.2021 |
BC-JAS-WEB | 3056652 | [CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service) | 7,5 | 13.07.2021 |
BI-LUM-SRV-BIP | 3053403 | [CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server | 5,4 | 13.07.2021 |
BC-SRV-BP | 3048657 | [CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework) | 6,5 | 13.07.2021 |
BC-MID-RFC-BG | 3044754 | [CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 13.07.2021 |
BI-RA-WBI-FE-HTM | 3044751 | [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad) | 4,3 | 13.07.2021 |
BC-JAS-ADM-ADM | 3038594 | [CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator) | 3,5 | 13.07.2021 |
BC-MID-RFC | 3032624 | [CVE-2021-33684] Memory Corruption in SAP NetWeaver AS ABAP and ABAP Platform | 5,3 | 13.07.2021 |
BC-MID-RFC | 3007182 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9 | 13.07.2021 |
BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5,4 | 13.07.2021 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 13.07.2021 |
SCM-BAS-EHS-DG | 2688383 | Missing authorization check in Dangerous Goods Management of EHS Services in SCM | 6,3 | 13.07.2021 |
*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.