Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 8 and the highest CVSS score is 9.6.

Severity

SAP© Security advisories 8

System Types

Affected SAP© system types

_{Related note}
3099776

_CVSS
9.6

_{Affected system
type}
Kernel

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
[CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel

Security Advisory

_{Related note}
3110328

_CVSS
8.3

_{Affected system
type}
SAP Commerce

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
[CVE-2021-40502] Missing Authorization check in SAP Commerce

Security Advisory

_{Related note}
2827086

_CVSS
7.9

_{Affected system
type}
SAP FRP

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
Several security vulnerabilities in FRP 5.4.0 and FR Engine 5.4.0

Security Advisory

_{Related note}
3080106

_CVSS
6.8

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
[CVE-2021-40503] Information Disclosure in SAP GUI for Windows

Security Advisory

_{Related note}
3104456

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
[CVE-2021-42062] Missing Authorization check in SAP ERP HCM

Security Advisory

_{Related note}
2607126

_CVSS
6.3

_{Affected system
type}
Java

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
Cross-Site Request Forgery vulnerability in Enterprise Services Repository of SAP Process Integration

Security Advisory

_{Related note}
3105728

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2021-11

_{Released
on}
2021/11/09

Description
[CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform

Notifications

Security Advisories

Severity

SAP© Security advisories 8

System Types

Affected SAP© system types

Related note 3099776

CVSS 9.6

Affected system type Kernel

Patchday2021-11

Released on2021/11/09

Related note 3110328

CVSS 8.3

Affected system type SAP Commerce

Patchday2021-11

Released on2021/11/09

Related note 2827086

CVSS 7.9

Affected system type SAP FRP

Patchday2021-11

Released on2021/11/09

Related note 3080106

CVSS 6.8

Affected system type SAP GUI / Frontend

Patchday2021-11

Released on2021/11/09

Related note 3104456

CVSS 6.5

Affected system type ABAP

Patchday2021-11

Released on2021/11/09

Related note 2607126

CVSS 6.3

Affected system type Java

Patchday2021-11

Released on2021/11/09

Related note 3105728

CVSS 4.9

Affected system type ABAP

Patchday2021-11

Released on2021/11/09

Related note 3106859

CVSS 4.3

Affected system type ABAP

Patchday2021-11

Released on2021/11/09

_{Related note}
3099776

_CVSS
9.6

_{Affected system
type}
Kernel

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
3110328

_CVSS
8.3

_{Affected system
type}
SAP Commerce

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
2827086

_CVSS
7.9

_{Affected system
type}
SAP FRP

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
3080106

_CVSS
6.8

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
3104456

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
2607126

_CVSS
6.3

_{Affected system
type}
Java

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
3105728

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2021-11

_{Released
on}
2021/11/09

_{Related note}
3106859

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2021-11

_{Released
on}
2021/11/09