SAP Security Notes Summary – September 2021

Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Notes | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CO-FIO-OM-PL | 2988956 | Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data | 5,4 | 28.09.2021 |
| CO-FIO-OM-PL | 2988962 | Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data | 5,4 | 28.09.2021 |
| XX-CSC-OM-FI | 2308378 | Missing Authorization check in Financial Accounting | 4,3 | 14.09.2021 |
| CA-VE-VEV | 3087791 | [CVE-2021-38174] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 14.09.2021 |
| EP-PIN-PRT | 3082219 | [CVE-2021-21489] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 4,8 | 14.09.2021 |
| BC-ESI-WS-JAV-RT | 3081888 | [CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms) | 9,9 | 14.09.2021 |
| SBO-CRO-SEC | 3075546 | [CVE-2021-37532] Directory Listing Enabled in SAP Business One | 4,3 | 14.09.2021 |
| CRM-CCI | 3073891 | [CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center | 9,6 | 14.09.2021 |
| FI-LOC-FI-FR | 3068582 | [CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR | 5,4 | 14.09.2021 |
| CEC-MKT-CPG-LNS | 3068337 | Reverse tabnabbing vulnerability in SAP Marketing Lead Nurture Stream | 3,5 | 14.09.2021 |
| BC-FES-BUS-DSK | 3060621 | [CVE-2021-38150] Information disclosure in SAP Business Client | 6,1 | 14.09.2021 |
| BC-UPG-NZ | 3089831 | [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework | 9,9 | 14.09.2021 |
| EP-VC-RTM | 3084487 | [CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT) | 9,9 | 14.09.2021 |
| BW-BEX-OT-RRI | 3082500 | [CVE-2021-38175] Information Disclosure in SAP Analysis for Microsoft Office | 6,5 | 14.09.2021 |
| BC-CST-WDP | 3080567 | [CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher | 8,9 | 14.09.2021 |
| BC-JAS-JMS | 3078609 | [CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service) | 10 | 14.09.2021 |
| SBO-CRO-SEC | 3070138 | [CVE-2021-33686] Information Disclosure in SAP Business One | 5,3 | 14.09.2021 |
| SBO-CRO-SEC | 3069882 | [CVE-2021-33688] SQL Injection vulnerability in SAP Business One | 4,3 | 14.09.2021 |
| SBO-CRO-SEC | 3069032 | [CVE-2021-33685] Directory Traversal vulnerability in SAP Business One | 6,5 | 14.09.2021 |
| BI-BIP-INV | 3055180 | [CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 5,4 | 14.09.2021 |
| BC-IAM-SSO-CCL | 3051787 | [CVE-2021-38177] Null Pointer Dereference vulnerability in SAP CommonCryptoLib | 7,5 | 14.09.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
