Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 9 security advices for you to review.

Severity

SAP© Security advisories 9

System Types

Affected SAP© system types

_{Related note}
2999590

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/05/25

Description
Incomplete authorization checks for import of environmental data

Security Advisory

_{Related note}
3053066

_CVSS
8.7

_{Affected system
type}
Java

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA

Security Advisory

_{Related note}
3049879

_CVSS
5.9

_{Affected system
type}
SAP Enable Now

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder - Manager)

Security Advisory

_{Related note}
3021050

_CVSS
5.9

_{Affected system
type}
Internet Graphics Service

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service

Security Advisory

_{Related note}
2985562

_CVSS
4.7

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud

Security Advisory

_{Related note}
3030961

_CVSS
6.4

_{Affected system
type}
Java

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution

Security Advisory

_{Related note}
3030604

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP

Security Advisory

_{Related note}
3028370

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
3025604

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08

Description
[CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 9

System Types

Affected SAP© system types

Related note 2999590

CVSS 4.3

Affected system type ABAP

Patchday2021-06

Released on2021/05/25

Related note 3053066

CVSS 8.7

Affected system type Java

Patchday2021-06

Released on2021/06/08

Related note 3049879

CVSS 5.9

Affected system type SAP Enable Now

Patchday2021-06

Released on2021/06/08

Related note 3021050

CVSS 5.9

Affected system type Internet Graphics Service

Patchday2021-06

Released on2021/06/08

Related note 2985562

CVSS 4.7

Affected system type SAP Commerce Cloud

Patchday2021-06

Released on2021/06/08

Related note 3030961

CVSS 6.4

Affected system type Java

Patchday2021-06

Released on2021/06/08

Related note 3030604

CVSS 5.8

Affected system type ABAP

Patchday2021-06

Released on2021/06/08

Related note 3028370

CVSS 5.4

Affected system type ABAP

Patchday2021-06

Released on2021/06/08

Related note 3025604

CVSS 5.4

Affected system type ABAP

Patchday2021-06

Released on2021/06/08

_{Related note}
2999590

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/05/25

_{Related note}
3053066

_CVSS
8.7

_{Affected system
type}
Java

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3049879

_CVSS
5.9

_{Affected system
type}
SAP Enable Now

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3021050

_CVSS
5.9

_{Affected system
type}
Internet Graphics Service

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
2985562

_CVSS
4.7

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3030961

_CVSS
6.4

_{Affected system
type}
Java

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3030604

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3028370

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08

_{Related note}
3025604

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-06

_{Released
on}
2021/06/08