Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 31 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 31
 System Types
Affected SAP© system types

 

Related note
3131397
CVSS
10.0

Affected system type
SAP HANA Platform
Patchday
2021-12
Released on
2021/12/17

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit

 

Related note
3131258
CVSS
10.0

Affected system type
SAP HANA Platform
Patchday
2021-12
Released on
2021/12/16

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA

 

Related note
3133772
CVSS
10.0

Affected system type
SAP Customer Checkout
Patchday
2021-12
Released on
2021/12/22

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout

 

Related note
3130578
CVSS
10.0

Affected system type
SAP BTP Cloud Foundry runtime
Patchday
2021-12
Released on
2021/12/21

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry

 

Related note
3132909
CVSS
10.0

Affected system type
SAP Edge Services 
Patchday
2021-12
Released on
2021/12/24

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition

 

Related note
3132744
CVSS
10.0

Affected system type
SAP BTP Kyma runtime
Patchday
2021-12
Released on
2021/12/21

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma

 

Related note
3132922
CVSS
10.0

Affected system type
SAP Edge Services 
Patchday
2021-12
Released on
2021/12/21

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform

 

Related note
3132162
CVSS
10.0

Affected system type
SAP API Management
Patchday
2021-12
Released on
2021/12/24

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)

 

Related note
3132964
CVSS
10.0

Affected system type
SAP Enable Now
Patchday
2021-12
Released on
2021/12/23

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager

 

Related note
3131047
CVSS
10.0

Affected system type
Any
Patchday
2021-12
Released on
2021/12/15

Description
[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component

 

Related note
3109577
CVSS
9.9

Affected system type
SAP Commerce
Patchday
2021-12
Released on
2021/12/14

Description
Code Execution vulnerability in SAP Commerce, localization for China

 

Related note
3130521
CVSS
9.9

Affected system type
Java
Patchday
2021-12
Released on
2021/12/16

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

 

Related note
3119365
CVSS
9.9

Affected system type
ABAP
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools)

 

Related note
3132198
CVSS
9.8

Affected system type
SAP Landscape...
Patchday
2021-12
Released on
2021/12/20

Description
[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management

 

Related note
3132822
CVSS
9.0

Affected system type
SAP HANA Platform
Patchday
2021-12
Released on
2021/12/21

Description
Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit

 

Related note
3114134
CVSS
8.8

Affected system type
SAP Commerce
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-42064] SQL Injection vulnerability in SAP Commerce

 

Related note
3102769
CVSS
8.8

Affected system type
Java
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse

 

Related note
3123196
CVSS
8.4

Affected system type
ABAP
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP

 

Related note
3132074
CVSS
8.0

Affected system type
SAP Cloud for Customer
Patchday
2021-12
Released on
2021/12/23

Description
[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn

 

Related note
3131824
CVSS
8.0

Affected system type
SAP Connected Health platform
Patchday
2021-12
Released on
2021/12/20

Description
[CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 - Fhirserver

 

Related note
3124094
CVSS
7.7

Affected system type
ABAP
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework

 

Related note
3113593
CVSS
7.5

Affected system type
SAP Commerce
Patchday
2021-12
Released on
2021/12/14

Description
Denial of service (DOS) in SAP Commerce

 

Related note
3107332
CVSS
6.6

Affected system type
SAP Landscape Management
Patchday
2021-12
Released on
2021/12/14

Description
Missing Authorization Check in SAP Landscape Management

 

Related note
2661033
CVSS
6.3

Affected system type
ABAP
Patchday
2021-12
Released on
2021/11/23

Description
Missing Authorization check in RFC enabled function modules in SRM

 

Related note
2460948
CVSS
5.3

Affected system type
ABAP
Patchday
2021-12
Released on
2021/11/23

Description
Missing Authorization Check in Vehicle Management System

 

Related note
2484231
CVSS
4.3

Affected system type
ABAP
Patchday
2021-12
Released on
2021/12/14

Description
Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services)

 

Related note
3121165
CVSS
4.3

Affected system type
SAP 3D Visual Enterprise
Patchday
2021-12
Released on
2021/12/14

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

 

Related note
3103677
CVSS
4.1

Affected system type
BI/BO platform
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence)

 

Related note
3051005
CVSS
3.5

Affected system type
SAP UI5
Patchday
2021-12
Released on
2021/12/14

Description
Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad

 

Related note
3132204
CVSS
3.1

Affected system type
Java
Patchday
2021-12
Released on
2021/12/16

Description
Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

 

Related note
3080816
CVSS
2.4

Affected system type
ABAP
Patchday
2021-12
Released on
2021/12/14

Description
[CVE-2021-44233] Missing Authorization check in GRC Access Control

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2022 by SecurityBridge // NCMI GmbH