SAP Security Notes Summary – October 2021

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 26.10.2021 |
| FS-PE | 2900326 | Missing Authorization check in Payment Engine | 8,8 | 12.10.2021 |
| BC-CTS-TMS | 3084937 | [CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver | 5,4 | 12.10.2021 |
| BC-CST-IC | 3080710 | [CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 12.10.2021 |
| SBO-CRO-SEC | 3079427 | [CVE-2021-38180] CSV Injection in SAP Business One | 6,5 | 12.10.2021 |
| SBO-CRO-SEC | 3074819 | [CVE-2021-38179] Information Disclosure in SAP Business One | 6,7 | 12.10.2021 |
| SCM-BAS-INT-EXT | 2655294 | Missing Authorization check in SCM BAPIs | 5,3 | 12.10.2021 |
| BC-CCM-PRN | 3100882 | [CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint) | 6,4 | 12.10.2021 |
| BI-RA-AWB | 3098917 | [CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP) | 4,3 | 12.10.2021 |
| BC-MID-ICF-LGN | 3087254 | [CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform | 4,3 | 12.10.2021 |
| LOD-SF-FWK | 3077635 | [CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices | 7,8 | 12.10.2021 |
| BI-RA-CR-DB | 3074693 | [CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) | 6,9 | 12.10.2021 |
| CA-UI5-COR | 3055347 | Cross-Site Scripting (XSS) vulnerability in SAPUI5 | 6,1 | 12.10.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.10.2021 |
| XAP-EM | 3101406 | Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance | 9,8 | 12.10.2021 |
| BC-ABA-LA | 3099011 | [CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,3 | 12.10.2021 |
| BC-CTS-ORG | 3097887 | [CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform | 9,1 | 12.10.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
