SAP Security Notes Summary – September 2021

Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | SAP Note | Title | CVSS Score | Released On |
|---|---|---|---|---|
| CO-FIO-OM-PL | 2988956 | Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data | 5,4 | 28.09.2021 |
| CO-FIO-OM-PL | 2988962 | Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data | 5,4 | 28.09.2021 |
| XX-CSC-OM-FI | 2308378 | Missing Authorization check in Financial Accounting | 4,3 | 14.09.2021 |
| CA-VE-VEV | 3087791 | [CVE-2021-38174] Improper Input Validation in SAP 3D Visual Enterprise Viewer | 4,3 | 14.09.2021 |
| EP-PIN-PRT | 3082219 | [CVE-2021-21489] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | 4,8 | 14.09.2021 |
| BC-ESI-WS-JAV-RT | 3081888 | [CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms) | 9,9 | 14.09.2021 |
| SBO-CRO-SEC | 3075546 | [CVE-2021-37532] Directory Listing Enabled in SAP Business One | 4,3 | 14.09.2021 |
| CRM-CCI | 3073891 | [CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center | 9,6 | 14.09.2021 |
| FI-LOC-FI-FR | 3068582 | [CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR | 5,4 | 14.09.2021 |
| CEC-MKT-CPG-LNS | 3068337 | Reverse tabnabbing vulnerability in SAP Marketing Lead Nurture Stream | 3,5 | 14.09.2021 |
| BC-FES-BUS-DSK | 3060621 | [CVE-2021-38150] Information disclosure in SAP Business Client | 6,1 | 14.09.2021 |
| BC-UPG-NZ | 3089831 | [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework | 9,9 | 14.09.2021 |
| EP-VC-RTM | 3084487 | [CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT) | 9,9 | 14.09.2021 |
| BW-BEX-OT-RRI | 3082500 | [CVE-2021-38175] Information Disclosure in SAP Analysis for Microsoft Office | 6,5 | 14.09.2021 |
| BC-CST-WDP | 3080567 | [CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher | 8,9 | 14.09.2021 |
| BC-JAS-JMS | 3078609 | [CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service) | 10 | 14.09.2021 |
| SBO-CRO-SEC | 3070138 | [CVE-2021-33686] Information Disclosure in SAP Business One | 5,3 | 14.09.2021 |
| SBO-CRO-SEC | 3069882 | [CVE-2021-33688] SQL Injection vulnerability in SAP Business One | 4,3 | 14.09.2021 |
| SBO-CRO-SEC | 3069032 | [CVE-2021-33685] Directory Traversal vulnerability in SAP Business One | 6,5 | 14.09.2021 |
| BI-BIP-INV | 3055180 | [CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 5,4 | 14.09.2021 |
| BC-IAM-SSO-CCL | 3051787 | [CVE-2021-38177] Null Pointer Dereference vulnerability in SAP CommonCryptoLib | 7,5 | 14.09.2021 |

*The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
