On 12 January, SAP released a security update that includes 10 new patches, 5 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2622660 | Update to security note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product – SAP Business Client, Version – 6.5 | Hot News | 10 |
2986980 | [CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface) Additional CVE – CVE-2021-21468 Product – SAP Business Warehouse, Versions – 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 782 | Hot News | 9.9 |
2999854 | [CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA Product – SAP Business Warehouse, Versions – 700, 701, 702, 711, 730, 731, 740, 750, 782 Product – SAP BW4HANA, Versions – 100, 200 | Hot News | 9.9 |
2983367 | Update to security note released on December 2020 Patch Day: [CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA Product – SAP Business Warehouse, Versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782 Product – SAP BW4HANA, Versions – 100, 200 | Hot News | 9.1 |
2979062 | Update to security note released on November 2020 Patch Day: [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server) Product – SAP NetWeaver AS JAVA, Versions – 7.20, 7.30, 7.31, 7.40, 7.50 | Hot News | 9.1 |
3000306 | [CVE-2021-21446] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform Product – SAP NetWeaver AS ABAP, Versions – 740, 750, 751, 752, 753, 754, 755 | High | 7.5 |
2863397 | Update to security note released on January 2020 Patch Day: [CVE-2020-6307] Missing Authorization Check in Automated Note Search Tool (SAP_BASIS) Product – Automated Note Search Tool (SAP Basis), Versions – 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 | Medium | 6.5 |
2826528 | Update to security note released on April 2020 Patch Day: [CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service) Product – SAP NetWeaver AS Java (HTTP Service), Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 6.2 |
2984034 | [CVE-2021-21445] Header Manipulation vulnerability in SAP Commerce Cloud Product – SAP Commerce Cloud, Versions – 1808, 1811, 1905, 2005, 2011 | Medium | 5.4 |
2965154 | [CVE-2021-21447] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Product – SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface), Versions – 410, 420 | Medium | 5.4 |
2912747 | Update to security note released on May 2020 Patch Day: [CVE-2020-6256] Missing Authorization check in SAP Master Data Governance Product – SAP Master Data Governance, Versions – 748, 749, 750, 751, 752, 800, 801, 802, 803, 804 | Medium | 5.4 |
2971163 | Update to security note released on December 2020 Patch Day: [CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service) Product – SAP NetWeaver AS JAVA (Key Storage Service), Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 5.4 |
2992269 | [CVE-2021-21448] Information Disclosure in SAP GUI for Windows Product – SAP GUI FOR WINDOWS, Version – 7.60 | Medium | 5.3 |
2993032 | [CVE-2021-21469] Information Disclosure in SAP NetWeaver Master Data Management Product – SAP NetWeaver Master Data Management, Versions – 7.10, 7.10.750, 710 | Medium | 5.3 |
3002617 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer CVEs – CVE-2021-21449, CVE-2021-21457, CVE-2021-21458, CVE-2021-21459, CVE-2021-21450, CVE-2021-21451, CVE-2021-21452, CVE-2021-21453, CVE-2021-21454, CVE-2021-21455, CVE-2021-21456, CVE-2021-21460, CVE-2021-21461, CVE-2021-21462, CVE-2021-21463, CVE-2021-21464 Product – SAP 3D Visual Enterprise Viewer, Version – 9.0 | Medium | 4.3 |
3008422 | [CVE-2021-21467] Missing Authorization check in SAP Banking Services (Generic Market Data) Product – SAP Banking Services (Generic Market Data), Versions – 400, 450, 500 | Medium | 4.3 |
3000291 | [CVE-2021-21470] XML External Entity vulnerability in SAP EPM add-in Product – SAP EPM ADD-IN, Versions – 2.8, 1010 | Low | 3.6 |