We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 19 and the highest CVSS score is 9.9.
Severity
SAP© Security advisories 19
System Types
Affected SAP© system types
Affected system
type
BI/BO platform
Patchday
2021-04
Released
on
2021/04/13
Description
Information Disclosure in BOE/CMC application
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-04
Released
on
2021/03/18
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27605 ] Missing Authorization check in HCM Travel Management Fiori Apps V2
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27598] Improper Access Control in SAP NetWeaver AS for Java (Customer Usage Provisioning Servlet)
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
Update 1 to Security Note 1576763: Potential information disclosure relating to usernames
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27599] Information Disclosure in SAP Process Integration (Integration Builder Framework)
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21492] Content spoofing in NetWeaver AS Java HTTP Service
Affected system
type
SAP Solution Manager
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21483] Information Disclosure in SAP Solution Manager
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27603] Denial of Service (DoS) in SAP NetWeaver AS of ABAP
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21482] Information Disclosure in SAP NetWeaver Master Data Management
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27601] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (Applications based on HTMLB for Java)
Affected system
type
SAP Commerce / SAP...
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce
Affected system
type
SAP GUI / Frontend
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27608] Unquoted Search Path in SAPSetup
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27600 ] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21485] Information Disclosure in SAP NetWeaver AS for Java (Telnet Commands)
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/03/23
Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA Finance for advanced payment management
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
Clickjacking vulnerability in Runtime Workbench of SAP Process Integration
Affected system
type
SAP Solution Manager...
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27609] Missing Authorization check in SAP Focused RUN
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings)