Security Advisories
We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 31 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 31
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/11/23
Description
Missing Authorization Check in Vehicle Management System
Affected system
type
SAP Landscape Management
Patchday
2021-12
Released
on
2021/12/14
Description
Missing Authorization Check in SAP Landscape Management
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
Code Execution vulnerability in SAP Commerce, localization for China
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/16
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services)
Affected system
type
BI/BO platform
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence)
Affected system
type
SAP UI5
Patchday
2021-12
Released
on
2021/12/14
Description
Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44233] Missing Authorization check in GRC Access Control
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools)
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/11/23
Description
Missing Authorization check in RFC enabled function modules in SRM
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/17
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/16
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA
Affected system
type
SAP Customer Checkout
Patchday
2021-12
Released
on
2021/12/22
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout
Affected system
type
SAP BTP Cloud Foundry runtime
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry
Affected system
type
SAP Edge Services
Patchday
2021-12
Released
on
2021/12/24
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/16
Description
Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
SAP Landscape...
Patchday
2021-12
Released
on
2021/12/20
Description
[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/21
Description
Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
Affected system
type
SAP BTP Kyma runtime
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma
Affected system
type
SAP Cloud for Customer
Patchday
2021-12
Released
on
2021/12/23
Description
[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn
Affected system
type
SAP Edge Services
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42064] SQL Injection vulnerability in SAP Commerce
Affected system
type
SAP API Management
Patchday
2021-12
Released
on
2021/12/24
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-12
Released
on
2021/12/14
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
Denial of service (DOS) in SAP Commerce
Affected system
type
SAP Enable Now
Patchday
2021-12
Released
on
2021/12/23
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager
Affected system
type
Any
Patchday
2021-12
Released
on
2021/12/15
Description
[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component
Affected system
type
SAP Connected Health platform
Patchday
2021-12
Released
on
2021/12/20
Description
[CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 - Fhirserver