Security Advisories
We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 12 and the highest CVSS score is 9.9.
Severity
SAP© Security advisories 12
System Types
Affected SAP© system types
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)
Affected system
type
SAP HANA Platform
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21484] Possible authentication bypass in SAP HANA LDAP scenarios
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21487] Missing Authorization Check in Payment Engine
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21486] Missing Authorization check in SAP Enterprise Financial Services( Bank Customer Accounts )
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21488] Insecure deserialisation in SAP NetWeaver Knowledge Management
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/02/23
Description
Switchable Authorization checks for RFC in In House Cash
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver Application Server Java
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on HTMLB for Java)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-27592] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-03
Released
on
2021/03/09
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer