Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 19 and the highest CVSS score is 9.9.

 

 Severity
SAP© Security advisories 19
 System Types
Affected SAP© system types

 

Related note
3040210
CVSS
9.9

Affected system type
SAP Commerce / SAP...
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce

 

Related note
3017908
CVSS
8.3

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-21482] Information Disclosure in SAP NetWeaver Master Data Management

 

Related note
3017823
CVSS
8.2

Affected system type
SAP Solution Manager
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-21483] Information Disclosure in SAP Solution Manager

 

Related note
3039649
CVSS
7.5

Affected system type
SAP GUI / Frontend
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27608] Unquoted Search Path in SAPSetup

 

Related note
3001824
CVSS
7.4

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-21485] Information Disclosure in SAP NetWeaver AS for Java (Telnet Commands)

 

Related note
3027937
CVSS
6.5

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27598] Improper Access Control in SAP NetWeaver AS for Java (Customer Usage Provisioning Servlet)

 

Related note
3012277
CVSS
6.5

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27599] Information Disclosure in SAP Process Integration (Integration Builder Framework)

 

Related note
3028729
CVSS
6.5

Affected system type
ABAP
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27603] Denial of Service (DoS) in SAP NetWeaver AS of ABAP

 

Related note
3036436
CVSS
6.5

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings)

 

Related note
3024414
CVSS
6.4

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27600 ] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)

 

Related note
2963592
CVSS
5.4

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27601] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (Applications based on HTMLB for Java)

 

Related note
3005802
CVSS
5.4

Affected system type
ABAP
Patchday
2021-04
Released on
2021/03/23

Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA Finance for advanced payment management

 

Related note
2911863
CVSS
5.3

Affected system type
BI/BO platform
Patchday
2021-04
Released on
2021/04/13

Description
Information Disclosure in BOE/CMC application

 

Related note
3036679
CVSS
5.3

Affected system type
ABAP
Patchday
2021-04
Released on
2021/04/13

Description
Update 1 to Security Note 1576763: Potential information disclosure relating to usernames

 

Related note
3030948
CVSS
4.6

Affected system type
SAP Solution Manager...
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27609] Missing Authorization check in SAP Focused RUN

 

Related note
2818965
CVSS
4.6

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
Clickjacking vulnerability in Runtime Workbench of SAP Process Integration

 

Related note
3025054
CVSS
4.3

Affected system type
ABAP
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-27605 ] Missing Authorization check in HCM Travel Management Fiori Apps V2

 

Related note
3035472
CVSS
4.3

Affected system type
SAP 3D Visual Enterprise
Patchday
2021-04
Released on
2021/03/18

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

 

Related note
3025637
CVSS
4.3

Affected system type
Java
Patchday
2021-04
Released on
2021/04/13

Description
[CVE-2021-21492] Content spoofing in NetWeaver AS Java HTTP Service