Security Advisories  

Description
[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn

Description
Missing Authorization Check in Vehicle Management System

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform

Description
[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)

Description
Denial of service (DOS) in SAP Commerce

Description
[CVE-2021-42064] SQL Injection vulnerability in SAP Commerce

Description
Missing Authorization Check in SAP Landscape Management

Description
Code Execution vulnerability in SAP Commerce, localization for China

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Description
Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services)

Description
[CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence)

Description
Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad

Description
[CVE-2021-44233] Missing Authorization check in GRC Access Control

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager

Description
[CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools)

Description
Missing Authorization check in RFC enabled function modules in SRM

Description
[CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework

Description
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP

Description
[CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 - Fhirserver

Description
[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition

Description
Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Description
[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management

Description
Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma

Description
URL Redirection vulnerability in Offer Management

Description
[CVE-2021-42062] Missing Authorization check in SAP ERP HCM

Description
[CVE-2021-40502] Missing Authorization check in SAP Commerce

Description
[CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel

Description
Cross-Site Request Forgery vulnerability in Enterprise Services Repository of SAP Process Integration

Description
[CVE-2021-40503] Information Disclosure in SAP GUI for Windows

Description
Several security vulnerabilities in FRP 5.4.0 and FR Engine 5.4.0

Description
[CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver

Description
Cross-Site Scripting (XSS) vulnerability in SAPUI5

Description
Missing Authorization check in SCM BAPIs

Description
[CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)

Description
[CVE-2021-38179] Information Disclosure in SAP Business One

Description
Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance

Description
[CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data

Description
[CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices

Description
[CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports)

Description
[CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP)

Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data

Description
[CVE-2021-38180] CSV Injection in SAP Business One

Description
Missing transaction start (AU3) entries in the Security Audit Log

Description
[CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2021-38175] Information Disclosure in SAP Analysis for Microsoft Office

Description
[CVE-2021-33685] Directory Traversal vulnerability in SAP Business One

Description
Missing Authorization check in Financial Accounting

Description
[CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework

Description
[CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher

Description
[CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)

Description
[CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service)

Description
[CVE-2021-21489] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT)

Description
[CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)

Description
[CVE-2021-38174] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
Reverse tabnabbing vulnerability in SAP Marketing Lead Nurture Stream

Description
[CVE-2021-38177] Null Pointer Dereference vulnerability in SAP CommonCryptoLib

Description
[CVE-2021-38150] Information disclosure in SAP Business Client

Description
[CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center

Description
[CVE-2021-37532] Directory Listing Enabled in SAP Business One

Description
[CVE-2021-33688] SQL Injection vulnerability in SAP Business One

Description
[CVE-2021-33686] Information Disclosure in SAP Business One

Description
[CVE-2021-38164] Missing Authorization check in in SAP ERP Financial Accounting / RFOPENPOSTING_FR

Description
[CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer)

Description
[CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android

Description
[CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector

Description
[CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management)

Description
[CVE-2021-33700] Missing Authentication check in SAP Business One

Description
[CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)

Description
Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM

Description
[CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Missing Authentication check in SAP Web Dispatcher

Description
[CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation

Description
Switchable Authorization checks for RFC in CRM Middleware

Description
[CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)

Description
[CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)

Description
[CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One

Description
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)

Description
[CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad)

Description
[CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework)

Description
[CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager

Description
[CVE-2021-33676] Missing authorization check in SAP CRM ABAP

Description
[CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service)

Description
[CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator)

Description
[CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server

Description
[CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal)

Description
Incomplete authorization checks for import of environmental data

Description
[CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP)

Description
[CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA

Description
[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder - Manager)

Description
[Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service

Description
[CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud

Description
[CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML)

Description
[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution

Description
[CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP

Description
Unauthorized use of application functions in SAP GUI for HTML

Description
[CVE-2021-27612] SAP GUI for Windows is vulnerable to redirect users to an untrusted website

Description
[CVE-2021-27611] Code Injection vulnerability in SAP NetWeaver AS ABAP

Description
[CVE-2021-27613] Information Disclosure in SAP Business One (Chef business-one-cookbook)

Description
[CVE-2021-27619] Information Disclosure in SAP Commerce (Backoffice search)

Description
Information Disclosure in Enterprise Services Repository of SAP Process Integration

Description
[Multiple CVEs] Multiple vulnerabilities in SAP Process Integration (Integration Builder Framework)

Description
Cross-Site Request Forgery (CSRF) vulnerability in SAP CRM WebClient UI

Description
[CVE-2021-27616] Multiple vulnerabilities in SAP Business One, version for SAP HANA (Business-One-Hana-Chef-Cookbook)

Description
[CVE-2021-21492] Content spoofing in NetWeaver AS Java HTTP Service

Description
[CVE-2021-21483] Information Disclosure in SAP Solution Manager

Description
[CVE-2021-27605 ] Missing Authorization check in HCM Travel Management Fiori Apps V2

Description
[CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings)

Description
[CVE-2021-27599] Information Disclosure in SAP Process Integration (Integration Builder Framework)

Description
Information Disclosure in BOE/CMC application

Description
Update 1 to Security Note 1576763: Potential information disclosure relating to usernames

Description
[CVE-2021-27598] Improper Access Control in SAP NetWeaver AS for Java (Customer Usage Provisioning Servlet)

Description
[CVE-2021-27601] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (Applications based on HTMLB for Java)

Description
[CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce

Description
[CVE-2021-27608] Unquoted Search Path in SAPSetup

Description
[CVE-2021-27600 ] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)

Description
[CVE-2021-21485] Information Disclosure in SAP NetWeaver AS for Java (Telnet Commands)

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2021-21482] Information Disclosure in SAP NetWeaver Master Data Management

Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA Finance for advanced payment management

Description
Clickjacking vulnerability in Runtime Workbench of SAP Process Integration

Description
[CVE-2021-27609] Missing Authorization check in SAP Focused RUN

Description
[CVE-2021-27603] Denial of Service (DoS) in SAP NetWeaver AS of ABAP

Description
Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on HTMLB for Java)

Description
[CVE-2021-21484] Possible authentication bypass in SAP HANA LDAP scenarios

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2021-21487] Missing Authorization Check in Payment Engine

Description
[CVE-2021-21486] Missing Authorization check in SAP Enterprise Financial Services( Bank Customer Accounts )

Description
[CVE-2021-21488] Insecure deserialisation in SAP NetWeaver Knowledge Management

Description
Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver Application Server Java

Description
[CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)

Description
Switchable Authorization checks for RFC in In House Cash

Description
[CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)

Description
[CVE-2021-27592] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence

Description
Reverse Tabnabbing vulnerability within SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)

Description
[CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1

Description
[CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)

Description
Clickjacking vulnerability in Adapter Runtime of SAP Process Integration

Description
[CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce

Description
Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration

Description
Reverse Tabnabbing vulnerability within SAP CRM WebClient UI

Description
[CVE-2021-21475] Directory Traversal vulnerability in SAP NetWeaver Master Data Management 7.1

Description
Missing Authorization Checks in the Monitor Data and My Data Collections Apps