Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 18 and the highest CVSS score is 9.9.

 

 Severity
SAP© Security advisories 18
 System Types
Affected SAP© system types

 

Related note
3078072
CVSS
6.3

Affected system type
SAP Business One
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer)

Security Advisory

 

Related note
3072955
CVSS
9.9

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)

Security Advisory

 

Related note
3002517
CVSS
6.3

Affected system type
ABAP
Patchday
2021-08
Released on
2021/06/08

Description
[CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Security Advisory

 

Related note
3078312
CVSS
9.1

Affected system type
ABAP
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation

Security Advisory

 

Related note
3057378
CVSS
8.8

Affected system type
Kernel
Patchday
2021-08
Released on
2021/08/10

Description
Missing Authentication check in SAP Web Dispatcher

Security Advisory

 

Related note
3062085
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)

Security Advisory

 

Related note
3073450
CVSS
6.9

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)

Security Advisory

 

Related note
2675775
CVSS
6.3

Affected system type
ABAP
Patchday
2021-08
Released on
2021/08/10

Description
Switchable Authorization checks for RFC in CRM Middleware

Security Advisory

 

Related note
3073681
CVSS
8.3

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

 

Related note
3071984
CVSS
9.9

Affected system type
SAP Business One
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One

Security Advisory

 

Related note
3074844
CVSS
8.1

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

 

Related note
3067219
CVSS
7.6

Affected system type
SAP Fiori Client Android
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android

Security Advisory

 

Related note
3063048
CVSS
4.7

Affected system type
BI/BO platform
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)

Security Advisory

 

Related note
3058553
CVSS
6.8

Affected system type
SAP Cloud Connector
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector

Security Advisory

 

Related note
3076399
CVSS
6.1

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management)

Security Advisory

 

Related note
3073325
CVSS
7.0

Affected system type
SAP Business One
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33700] Missing Authentication check in SAP Business One

Security Advisory

 

Related note
2659604
CVSS
6.4

Affected system type
ABAP
Patchday
2021-08
Released on
2021/07/27

Description
Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM

Security Advisory

 

Related note
3072920
CVSS
8.3

Affected system type
Java
Patchday
2021-08
Released on
2021/08/10

Description
[CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2024 by SecurityBridge GmbH

v34.3