SAP Security Notes Summary – November 2021

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Components | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| IS-A-VMS | 2460948 | Missing Authorization Check in Vehicle Management System | 5,3 | 23.11.2021 |
| SRM-EBP-INT | 2661033 | Missing Authorization check in RFC enabled function modules in SRM | 6,3 | 23.11.2021 |
| BC-UPG-NZ | 3089831 | [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework | 9,9 | 23.11.2021 |
| BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5,4 | 23.11.2021 |
| FI-LOC-FI-FR | 3068582 | [CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR | 5,4 | 09.11.2021 |
| BC-FES-GUI | 3080106 | [CVE-2021-40503] Information Disclosure in SAP GUI for Windows | 6,8 | 09.11.2021 |
| BC-XI-IBF | 2607126 | Cross-Site Request Forgery vulnerability in Enterprise Services Repository of SAP Process Integration | 6,3 | 09.11.2021 |
| BC-MID-RFC | 3099776 | [CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel | 9,6 | 09.11.2021 |
| IS-R-FRO | 2827086 | Several security vulnerabilities in FRP 5.4.0 and FR Engine 5.4.0 | 7,9 | 09.11.2021 |
| XX-PART-WILY | 2971638 | [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | 7,5 | 09.11.2021 |
| CEC-COM-CPS-WEB | 3110328 | [CVE-2021-40502] Missing Authorization check in SAP Commerce | 8,3 | 09.11.2021 |
| CEC-MKT-OFM | 3106859 | URL Redirection vulnerability in Offer Management | 4,3 | 09.11.2021 |
| BC-DWB-TOO | 3105728 | [CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4,9 | 09.11.2021 |
| PY-PT | 3104456 | [CVE-2021-42062] Missing Authorization check in SAP ERP HCM | 6,5 | 09.11.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
