SAP Security Notes Summary – June 2021

Once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Note | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-IBD-MAP | 3036436 | [CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings) | 6,5 | 22.06.2021 |
| CEC-COM-CPS-CKP | 3040210 | [CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce | 9,9 | 08.06.2021 |
| FI-TV-ODT-MTE | 3025054 | [CVE-2021-27605] Missing Authorization check in HCM Travel Management Fiori Apps V2 | 4,3 | 08.06.2021 |
| BC-MID-RFC | 3007182 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9 | 08.06.2021 |
| CA-SUR | 3004043 | [CVE-2021-21490] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP (Web Survey) | 6,1 | 08.06.2021 |
| BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 08.06.2021 |
| CA-VE-VEV | 3059999 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 08.06.2021 |
| SBO-CRO-SEC | 3058382 | [CVE-2021-33662] Information Disclosure in SAP Business One | 6,7 | 08.06.2021 |
| BC-JAS-SEC-UME | 3023299 | [CVE-2021-27621] Information Disclosure in SAP NetWeaver AS for Java (UserAdmin) | 5,5 | 08.06.2021 |
| BC-CST-DP | 3021197 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06.2021 |
| BC-CST-GW | 3020209 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06.2021 |
| BC-CST-EQ | 3020104 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06.2021 |
| CEC-HCS-CCAZ-CZO | 2985562 | [CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud | 4,7 | 08.06.2021 |
| BC-ESI-WS-JAV-CFG | 3053066 | [CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA | 8,6 | 08.06.2021 |
| MFG-ME-API | 3030961 | [CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution | 6,4 | 08.06.2021 |
| BC-FES-WGU | 3028370 | [CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML) | 5,4 | 08.06.2021 |
| BC-WD-ABA | 3025604 | [CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP) | 5,4 | 08.06.2021 |
| BC-FES-IGS | 3021050 | [Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service | 5,9 | 08.06.2021 |
| KM-WPB-MGR | 3049879 | [CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder – Manager) | 5,9 | 08.06.2021 |
| BC-CST-IC | 3030604 | [CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP | 5,8 | 08.06.2021 |

source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
