SAP Security Notes Summary – October 2021
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 26.10.2021 |
FS-PE | 2900326 | Missing Authorization check in Payment Engine | 8,8 | 12.10.2021 |
BC-CTS-TMS | 3084937 | [CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver | 5,4 | 12.10.2021 |
BC-CST-IC | 3080710 | [CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 12.10.2021 |
SBO-CRO-SEC | 3079427 | [CVE-2021-38180] CSV Injection in SAP Business One | 6,5 | 12.10.2021 |
SBO-CRO-SEC | 3074819 | [CVE-2021-38179] Information Disclosure in SAP Business One | 6,7 | 12.10.2021 |
SCM-BAS-INT-EXT | 2655294 | Missing Authorization check in SCM BAPIs | 5,3 | 12.10.2021 |
BC-CCM-PRN | 3100882 | [CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint) | 6,4 | 12.10.2021 |
BI-RA-AWB | 3098917 | [CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP) | 4,3 | 12.10.2021 |
BC-MID-ICF-LGN | 3087254 | [CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform | 4,3 | 12.10.2021 |
LOD-SF-FWK | 3077635 | [CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices | 7,8 | 12.10.2021 |
BI-RA-CR-DB | 3074693 | [CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) | 6,9 | 12.10.2021 |
CA-UI5-COR | 3055347 | Cross-Site Scripting (XSS) vulnerability in SAPUI5 | 6,1 | 12.10.2021 |
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.10.2021 |
XAP-EM | 3101406 | Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance | 9,8 | 12.10.2021 |
BC-ABA-LA | 3099011 | [CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,3 | 12.10.2021 |
BC-CTS-ORG | 3097887 | [CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform | 9,1 | 12.10.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.