SAP Security Notes Summary – November 2021

Once a month, I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Components | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| IS-A-VMS | 2460948 | Missing Authorization Check in Vehicle Management System | 5.3 | 23.11.2021 |
| SRM-EBP-INT | 2661033 | Missing Authorization check in RFC enabled function modules in SRM | 6.3 | 23.11.2021 |
| BC-UPG-NZ | 3089831 | [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework | 9.9 | 23.11.2021 |
| BC-CST-WDP | 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager | 5.4 | 23.11.2021 |
| FI-LOC-FI-FR | 3068582 | [CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR | 5.4 | 09.11.2021 |
| BC-FES-GUI | 3080106 | [CVE-2021-40503] Information Disclosure in SAP GUI for Windows | 6.8 | 09.11.2021 |
| BC-XI-IBF | 2607126 | Cross-Site Request Forgery vulnerability in Enterprise Services Repository of SAP Process Integration | 6.3 | 09.11.2021 |
| BC-MID-RFC | 3099776 | [CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel | 9.6 | 09.11.2021 |
| IS-R-FRO | 2827086 | Several security vulnerabilities in FRP 5.4.0 and FR Engine 5.4.0 | 7.9 | 09.11.2021 |
| XX-PART-WILY | 2971638 | [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | 7.5 | 09.11.2021 |
| CEC-COM-CPS-WEB | 3110328 | [CVE-2021-40502] Missing Authorization check in SAP Commerce | 8.3 | 09.11.2021 |
| CEC-MKT-OFM | 3106859 | URL Redirection vulnerability in Offer Management | 4.3 | 09.11.2021 |
| BC-DWB-TOO | 3105728 | [CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.9 | 09.11.2021 |
| PY-PT | 3104456 | [CVE-2021-42062] Missing Authorization check in SAP ERP HCM | 6.5 | 09.11.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
