Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Hey there! Glad you made it.
We have found 9 security advices for you to review.

 

 Severity
SAP© Security advisories 9
 System Types
Affected SAP© system types

 

Related note
3053066
CVSS
8.7

Affected system type
Java
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA

 

Related note
3030961
CVSS
6.4

Affected system type
Java
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution

 

Related note
3049879
CVSS
5.9

Affected system type
SAP Enable Now
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder - Manager)

 

Related note
3021050
CVSS
5.9

Affected system type
Internet Graphics Service
Patchday
2021-06
Released on
2021/06/08

Description
[Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service

 

Related note
3030604
CVSS
5.8

Affected system type
ABAP
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP

 

Related note
3028370
CVSS
5.4

Affected system type
ABAP
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML)

 

Related note
3025604
CVSS
5.4

Affected system type
ABAP
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP)

 

Related note
2985562
CVSS
4.7

Affected system type
SAP Commerce Cloud
Patchday
2021-06
Released on
2021/06/08

Description
[CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud

 

Related note
2999590
CVSS
4.3

Affected system type
ABAP
Patchday
2021-06
Released on
2021/05/25

Description
Incomplete authorization checks for import of environmental data