SAP Security Notes Summary – June 2021
Once a month I’ll publish review all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
| SAP Comp. | SAP_Notes | Title | CVSS Score | Released On |
|---|---|---|---|---|
| BC-XI-IBD-MAP | 3036436 | [CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings) | 6,5 | 22.06. 2021 |
| CEC-COM-CPS-CKP | 3040210 | [CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce | 9,9 | 08.06. 2021 |
| FI-TV-ODT-MTE | 3025054 | [CVE-2021-27605 ] Missing Authorization check in HCM Travel Management Fiori Apps V2 | 4,3 | 08.06. 2021 |
| BC-MID-RFC | 3007182 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | 9 | 08.06. 2021 |
| CA-SUR | 3004043 | [CVE-2021-21490] Cross-Site Scripting (XSS) vulnerability in SAP Netweaver AS for ABAP (Web Survey) | 6,1 | 08.06. 2021 |
| BC-SRV-RM | 3002517 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | 6,3 | 08.06. 2021 |
| CA-VE-VEV | 3059999 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 08.06. 2021 |
| SBO-CRO-SEC | 3058382 | [CVE-2021-33662] Information Disclosure in SAP Business One | 6,7 | 08.06. 2021 |
| BC-JAS-SEC-UME | 3023299 | [CVE-2021-27621] Information Disclosure in SAP NetWeaver AS for Java (UserAdmin) | 5,5 | 08.06. 2021 |
| BC-CST-DP | 3021197 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06. 2021 |
| BC-CST-GW | 3020209 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06. 2021 |
| BC-CST-EQ | 3020104 | [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform | 7,5 | 08.06. 2021 |
| CEC-HCS-CCAZ-CZO | 2985562 | [CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud | 4,7 | 08.06. 2021 |
| BC-ESI-WS-JAV-CFG | 3053066 | [CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA | 8,6 | 08.06. 2021 |
| MFG-ME-API | 3030961 | [CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution | 6,4 | 08.06. 2021 |
| BC-FES-WGU | 3028370 | [CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML) | 5,4 | 08.06. 2021 |
| BC-WD-ABA | 3025604 | [CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP) | 5,4 | 08.06. 2021 |
| BC-FES-IGS | 3021050 | [Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service | 5,9 | 08.06. 2021 |
| KM-WPB-MGR | 3049879 | [CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder – Manager) | 5,9 | 08.06. 2021 |
| BC-CST-IC | 3030604 | [CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP | 5,8 | 08.06. 2021 |
*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.