SAP Security Notes Summary – October 2021

Traditionally, once a month I’ll publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CRM-BF-COM | 2659604 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM | 6,4 | 26.10.2021 |
| FS-PE | 2900326 | Missing Authorization check in Payment Engine | 8,8 | 12.10.2021 |
| BC-CTS-TMS | 3084937 | [CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver | 5,4 | 12.10.2021 |
| BC-CST-IC | 3080710 | [CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 12.10.2021 |
| SBO-CRO-SEC | 3079427 | [CVE-2021-38180] CSV Injection in SAP Business One | 6,5 | 12.10.2021 |
| SBO-CRO-SEC | 3074819 | [CVE-2021-38179] Information Disclosure in SAP Business One | 6,7 | 12.10.2021 |
| SCM-BAS-INT-EXT | 2655294 | Missing Authorization check in SCM BAPIs | 5,3 | 12.10.2021 |
| BC-CCM-PRN | 3100882 | [CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint) | 6,4 | 12.10.2021 |
| BI-RA-AWB | 3098917 | [CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP) | 4,3 | 12.10.2021 |
| BC-MID-ICF-LGN | 3087254 | [CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform | 4,3 | 12.10.2021 |
| LOD-SF-FWK | 3077635 | [CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices | 7,8 | 12.10.2021 |
| BI-RA-CR-DB | 3074693 | [CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) | 6,9 | 12.10.2021 |
| CA-UI5-COR | 3055347 | Cross-Site Scripting (XSS) vulnerability in SAPUI5 | 6,1 | 12.10.2021 |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 12.10.2021 |
| XAP-EM | 3101406 | Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance | 9,8 | 12.10.2021 |
| BC-ABA-LA | 3099011 | [CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform | 5,3 | 12.10.2021 |
| BC-CTS-ORG | 3097887 | [CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform | 9,1 | 12.10.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
