Security Advisory for September 2021 

Today we have released the Security Advisories for SAP and the month of September 2021


Taking control of the SAP patch management process for the vast product portfolio offered by SAP SE is essential to maintain a steady security posture. We have reviewed the security patches released (and updated) in September 2021 and found corrections that eliminate the following attack vectors:

  • "Code Injection Denial of Service (DoS) Information disclosure"
  • "Command Injection"
  • "Cross-Site Scripting (XSS)"
  • "Denial of Service (DoS)"
  • "Directory traversal "
  • "Information disclosure"
  • "Missing authorization check"
  • "OS command injection"
  • "Reverse tabnabbing "
  • "SQL injection"

Patches released by the manufacture contain solutions for the components

  • "BC-CST-WDP"
  • "BC-JAS-JMS"
  • "BC-UPG-NZ"
  • "BI-BIP-INV"
  • "CA-VE-VEV"
  • "CRM-CCI"
  • "EP-PIN-PRT"
  • "EP-VC-RTM"
  • "FI-LOC-FI-FR"
  • "XX-CSC-OM-FI"

View all advisories of September 2021.

  • Share with:
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.


© Copyright 2024 by SecurityBridge GmbH