Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Hey there! Glad you made it.
We have found 13 security advices for you to review.

 

 Severity
SAP© Security advisories 13
 System Types
Affected SAP© system types

 

Related note
3098917
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP)

 

Related note
3080710
CVSS
6.5

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3079427
CVSS
6.5

Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38180] CSV Injection in SAP Business One

 

Related note
2988956
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28

Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data

 

Related note
3087254
CVSS
4.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform

 

Related note
3074693
CVSS
6.9

Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports)

 

Related note
2988962
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28

Description
Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data

 

Related note
3099011
CVSS
5.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3074819
CVSS
6.7

Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38179] Information Disclosure in SAP Business One

 

Related note
3100882
CVSS
6.4

Affected system type
SAP Cloud Print Manager
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)

 

Related note
3084937
CVSS
5.4

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
[CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver

 

Related note
3055347
CVSS
6.1

Affected system type
SAP UI5
Patchday
2021-10
Released on
2021/10/12

Description
Cross-Site Scripting (XSS) vulnerability in SAPUI5

 

Related note
2655294
CVSS
5.3

Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12

Description
Missing Authorization check in SCM BAPIs

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2024 by SecurityBridge GmbH

v34.1