On 14 December, SAP released a security update comprising 15 new patches, 4 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
| Note# | Title | Priority | CVSS |
|---|---|---|---|
| | Update to Security Note released on Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product – SAP Business Client, Version – 6.5 | Hot News | |
| | Code Execution vulnerability in SAP Commerce, localization for China Related CVEs – CVE-2021-21341, CVE-2021-21342, CVE-2021-21349, CVE-2021-21343, CVE-2021-21344, CVE-2021-21346, CVE-2021-21347, CVE-2021-21350, CVE-2021-21351, CVE-2021-21345, CVE-2021-21348 Product – SAP Commerce, localization for China, Version – 2001 | Hot News | |
| | [CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools) Product – SAP ABAP Server & ABAP Platform (Translation Tools), Versions – 701, 740, 750, 751, 752, 753, 754, 755, 756, 804 | Hot News | |
| | Update to Security Note released on September 2021 Patch Day: [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework Product – SAP S/4HANA, Versions – 1511, 1610, 1709, 1809, 1909, 2020, 2021 Product – SAP LT Replication Server, Versions – 2.0, 3.0 Product – SAP LTRS for S/4HANA, Version – 1.0 Product – SAP Test Data Migration Server, Version – 4.0 Product – SAP Landscape Transformation, Version – 2.0 | Hot News | |
| | [CVE-2021-42064] SQL Injection vulnerability in SAP Commerce Product – SAP Commerce, Versions – 1905, 2005, 2105, 2011 | High | |
| | [CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse Product – SAP Knowledge Warehouse, Versions – 7.30, 7.31, 7.40, 7.50 | High | |
| | [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP Product – SAP NetWeaver AS ABAP, Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | High | |
| | [CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices Product – SAP SuccessFactors Mobile Application (for Android devices), Versions – <2108 | High | |
| | [CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework Product – SAF-T Framework, Versions – SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104, 105 | High | |
| | Denial of service (DOS) in SAP Commerce Related CVE – CVE-2021-37714 Product – SAP Commerce, Versions – 1905, 2005, 2105, 2011 | High | |
| | Update to Security Note released on July 2021 Patch Day: [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager Product – SAP Web Dispatcher and Internet Communication Manager, Versions – KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 | Medium | |
| | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer CVEs – CVE-2021-42068, CVE-2021-42070, CVE-2021-42069, CVE-2021-42069 Product – SAP 3D Visual Enterprise Viewer, Version – 9 | Medium | |
| | Update to Security Note released on November 2019 Patch Day: [CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler Product – SAP UI, Versions – 7.5, 7.51, 7.52, 7.53, 7.54 Product – SAP UI 700, Versions – 2.0 | Medium | |
| | [CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence) Product – SAP BusinessObjects Business Intelligence Platform, Version – 420 | Medium | |
| | [CVE-2021-44233] Missing Authorization check in GRC Access Control Product – SAP GRC Access Control, Versions – V1100_700, V1100_731, V1200_750 | Low | |