Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 17 and the highest CVSS score is 9.8.

 

 Severity
SAP© Security advisories 17
 System Types
Affected SAP© system types

 

Related note
3101406
CVSS
9.8

Affected system type
Java
Patchday
2021-10
Released on
2021/10/12

Description
Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance

 

Related note
3097887
CVSS
9.1

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3089438
CVSS
9.1

Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/20

Description
Missing transaction start (AU3) entries in the Security Audit Log

 

Related note
3077635
CVSS
7.8

Affected system type
SAP Success Factors
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices

 

Related note
3074693
CVSS
6.9

Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports)

 

Related note
3074819
CVSS
6.7

Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38179] Information Disclosure in SAP Business One

 

Related note
3079427
CVSS
6.5

Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38180] CSV Injection in SAP Business One

 

Related note
3080710
CVSS
6.5

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3100882
CVSS
6.4

Affected system type
SAP Cloud Print Manager
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)

 

Related note
3055347
CVSS
6.1

Affected system type
SAP UI5
Patchday
2021-10
Released on
2021/10/12

Description
Cross-Site Scripting (XSS) vulnerability in SAPUI5

 

Related note
2988956
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28

Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data

 

Related note
2988962
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28

Description
Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data

 

Related note
3084937
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver

 

Related note
3099011
CVSS
5.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
2655294
CVSS
5.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
Missing Authorization check in SCM BAPIs

 

Related note
3087254
CVSS
4.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3098917
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP)

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation
strategies essential for preventing the disruption of vital business systems.
We help businesses in making their SAP systems more secure.

Company

© Copyright 2021 by SecurityBridge // NCMI GmbH