SAP Security Notes Summary – June 2021

Once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP
Comp.
SAP_NotesTitleCVSS
Score
Released
On
BC-XI-IBD-MAP3036436[CVE-2021-27604] Potential XXE
Vulnerability in SAP Process Integration
(ESR Java Mappings)
6,522.06.
2021
CEC-COM-CPS-CKP3040210[CVE-2021-27602] Remote Code Execution
vulnerability in Source Rules of SAP
Commerce
9,908.06.
2021
FI-TV-ODT-MTE3025054[CVE-2021-27605 ] Missing Authorization
check in HCM Travel Management
Fiori Apps V2
4,308.06.
2021
BC-MID-RFC3007182[CVE-2021-27610] Improper Authentication
in SAP NetWeaver ABAP Server and
ABAP Platform
908.06.
2021
CA-SUR3004043[CVE-2021-21490] Cross-Site Scripting (XSS)
vulnerability in SAP Netweaver AS for ABAP
(Web Survey)
6,108.06.
2021
BC-SRV-RM3002517[CVE-2021-21473] Missing Authorization
check in SAP NetWeaver AS ABAP and
ABAP Platform
6,308.06.
2021
CA-VE-VEV3059999[Multiple CVEs] Improper Input Validation in
SAP 3D Visual Enterprise Viewer
4,308.06.
2021
SBO-CRO-SEC3058382[CVE-2021-33662] Information Disclosure in
SAP Business One
6,708.06.
2021
BC-JAS-SEC-UME3023299[CVE-2021-27621] Information Disclosure in
SAP NetWeaver AS for Java (UserAdmin)
5,508.06.
2021
BC-CST-DP3021197[Multiple CVEs] Memory Corruption
vulnerability in SAP NetWeaver
ABAP Server and ABAP Platform
7,508.06.
2021
BC-CST-GW3020209[Multiple CVEs] Memory Corruption
vulnerability in SAP NetWeaver
ABAP Server and ABAP Platform
7,508.06.
2021
BC-CST-EQ3020104[Multiple CVEs] Memory Corruption
vulnerability in SAP NetWeaver
ABAP Server and ABAP Platform
7,508.06.
2021
CEC-HCS-CCAZ-CZO2985562[CVE-2021-33666] Cross-Site Scripting (XSS)
in SAP Commerce Cloud
4,708.06.
2021
BC-ESI-WS-JAV-CFG3053066[CVE-2021-27635] Missing XML Validation in
SAP NetWeaver AS for JAVA
8,608.06.
2021
MFG-ME-API3030961[CVE-2021-27615] Cross-Site Scripting (XSS)
vulnerability in SAP Manufacturing Execution
6,408.06.
2021
BC-FES-WGU3028370[CVE-2021-33665] Cross-Site Scripting (XSS)
vulnerability within SAP NetWeaver AS
ABAP (Applications based on SAP GUI
for HTML)
5,408.06.
2021
BC-WD-ABA3025604[CVE-2021-33664] Cross-Site Scripting (XSS)
vulnerability within SAP NetWeaver AS ABAP
(Applications based on Web Dynpro
ABAP)
5,408.06.
2021
BC-FES-IGS3021050[Multiple CVEs] Memory Corruption
vulnerability in SAP Internet Graphics Service
5,908.06.
2021
KM-WPB-MGR3049879[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce
Performance Builder – Manager)
5,908.06.
2021
BC-CST-IC3030604[CVE-2021-33663] Plaintext Injection in SAP
NetWeaver AS for ABAP
5,808.06.
2021
source: www.sap.com

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Copyright © 2024. SAPBasisWorld.com Privacy Policy