SAP Security Patch Day – The company releases 7 security patches. 6 updates to previously released security fixes were also introduced.
List of security notes published on the February Patch Day:
Note# | Title | Priority | CVSS |
2622660 | Update to security note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product – SAP Business Client, Version – 6.5 | Hot News | 10 |
3014121 | [CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce Product – SAP Commerce, Versions – 1808, 1811, 1905, 2005, 2011 | Hot News | 9.9 |
2986980 | Update to security note released on January 2021 Patch Day: [CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface) Additional CVE – CVE-2021-21468 Product – SAP Business Warehouse, Versions – 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 782 | Hot News | 9.9 |
2993132 | Update to security note released on December 2020 Patch Day: [CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation) Product – SAP NetWeaver AS ABAP (SAP Landscape Transformation – DMIS), Versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 Product – SAP S4 HANA (SAP Landscape Transformation), Versions – 101, 102, 103, 104, 105 | High | 7.6 |
3000306 | Update to security note released on January 2021 Patch Day: [CVE-2021-21446] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform Product – SAP NetWeaver AS ABAP, Versions – 740, 750, 751, 752, 753, 754, 755 | High | 7.5 |
2998173 | [CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1 Product – SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1), Version – 1.0 | Medium | 6.3 |
2789866 | Update to security note released on August 2019 Patch Day: [CVE-2019-0337] Cross-Site Scripting (XSS) vulnerability in Java Proxy Runtime of SAP NetWeaver Process Integration Product – SAP NetWeaver Process Integration (Java Proxy Runtime), Versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
2935791 | [CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) Product – SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad), Versions – 410, 420, 430 | Medium | 5.4 |
3014303 | [CVE-2021-21476] Reverse Tabnabbing vulnerability in SAPUI5 Product – SAP UI5, Versions – 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 | Medium | 4.7 |
2974582 | [CVE-2021-21478] Reverse Tabnabbing vulnerability within SAP Web Dynpro ABAP Applications Product – SAP Web Dynpro ABAP | Medium | 4.7 |
2843016 | Update to security note released on November 2019 Patch Day: [CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler Product – SAP UI, Versions – 7.5, 7.51, 7.52, 7.53, 7.54 Product – SAP UI 700, Versions – 2.0 | Medium | 4.3 |
2992154 | [CVE-2021-21474] SAML Assertion Signature MD5 Digest Algorithm Vulnerability in SAP HANA Database Product – SAP HANA Database, Versions – 1.0, 2.0 | Medium | 4.1 |
3000897 | [CVE-2021-21475] Directory Traversal vulnerability in SAP NetWeaver Master Data Management 7.1 Product – SAP NetWeaver Master Data Management Server, Versions – 710, 710.750 | Medium | 4 |