SAP Security Notes Summary – May 2021
Once a month I’ll publish a review of all SAP security notes and news released that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | SAP Note | Title | CVSS Score | Released On |
---|---|---|---|---|
EHS-SUS-EM | 2999590 | Incomplete authorization checks for import of environmental data | 4,3 | 25 May 2021 |
BC-FES-CTL | 3023078 | [CVE-2021-27612] SAP GUI for Windows is vulnerable to redirect users to an untrusted website | 3,4 | 11 May 2021 |
BC-XI-IBF-UI | 3012021 | [Multiple CVEs] Multiple vulnerabilities in SAP Process Integration (Integration Builder Framework) | 4,9 | 11 May 2021 |
SBO-BC-INT | 3049755 | [CVE-2021-27613] Information Disclosure in SAP Business One (Chef business-one-cookbook) | 7,8 | 11 May 2021 |
SBO-HANA-COM | 3049661 | [CVE-2021-27616] Multiple vulnerabilities in SAP Business One, version for SAP HANA (Business-One-Hana-Chef-Cookbook) | 7,8 | 11 May 2021 |
BC-CTS-ORG | 3046610 | [CVE-2021-27611] Code Injection vulnerability in SAP NetWeaver AS ABAP | 8,1 | 11 May 2021 |
CEC-COM-CPS | 3039818 | [CVE-2021-27619] Information Disclosure in SAP Commerce (Backoffice search) | 6,5 | 11 May 2021 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 11 May 2021 |
BC-WD-JAV | 2976947 | [CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) | 4,7 | 11 May 2021 |
BC-XI-IBD-INF | 2745860 | Information Disclosure in Enterprise Services Repository of SAP Process Integration | 5,3 | 11 May 2021 |
*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.