Security Advisory for October 2021
Taking control of the SAP patch management process across the vast product portfolio offered by SAP SE is essential to maintaining a steady security posture. We have reviewed the security patches released (and updated) in October 2021 and found corrections that eliminate the following attack vectors:
- "Code injection"
- "Command Injection"
- "Cross-site request forgery (XSRF)"
- "Cross-site scripting (XSS)"
- "Denial of Service (DoS)"
- "External entity tunneling (XXE)"
- "Information disclosure"
- "Missing authorization check"
- "Missing logging functionality"
Patches released by the manufacturer contain fixes for the following components:
- "BC-ABA-LA"
- "BC-CCM-PRN"
- "BC-CST-IC"
- "BC-CTS-ORG"
- "BC-CTS-TMS"
- "BC-DWB-SEM"
- "BC-MID-ICF-LGN"
- "BI-RA-AWB"
- "BI-RA-CR-DB"
- "CA-UI5-COR"
- "CO-FIO-OM-PL"
- "LOD-SF-FWK"
- "SBO-CRO-SEC"
- "SCM-BAS-INT-EXT"
- "XAP-EM"