On March 9, SAP released a security update that includes 13 new patches, 4 of which are critical.
CERT PSE encourages administrators to review the notes on SAP Security Patch Day and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2890213 | Update to security note released on March 2020 Patch Day: [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring) Product – SAP Solution Manager (User Experience Monitoring), Version – 7.2 | Hot News | 10 |
2622660 | Update to security note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product – SAP Business Client, Version – 6.5 | Hot News | 10 |
3022622 | [CVE-2021-21480] Code Injection Vulnerability in SAP MII Product – SAP Manufacturing Integration and Intelligence, Versions – 15.1, 15.2, 15.3, 15.4 | Hot News | 9.9 |
3022422 | [CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService) Product – SAP NetWeaver AS JAVA (MigrationService), Versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 | Hot News | 9.6 |
3017378 | [CVE-2021-21484] Possible authentication bypass in SAP HANA LDAP scenarios Product – SAP HANA, Version – 2.0 | High | 7.7 |
3007888 | [CVE-2021-21486] Missing Authorization check in SAP Enterprise Financial Services (Bank Customer Accounts) Product – SAP Enterprise Financial Services (Bank Customer Accounts), Versions – 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 | Medium | 6.8 |
2983436 | [CVE-2021-21488] Insecure Deserialisation in SAP NetWeaver Knowledge Management Product – SAP NetWeaver Knowledge Management, Versions – 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 | Medium | 6.8 |
3023778 | [CVE-2021-21487] Missing Authorization Check in Payment Engine Product – SAP Payment Engine, Version – 500 | Medium | 6.8 |
2943844 | Update to security note released on October 2020 Patch Day: [CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services) Product – SAP BusinessObjects Business Intelligence Platform (Web Services), Versions – 410, 420, 430 | Medium | 5.3 |
2976947 | [CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) Product – SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java), Versions – 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 | Medium | 4.7 |
3027767 | [CVE-2021-27592] Improper Input Validation in SAP 3D Visual Enterprise Viewer Product – SAP 3D Visual Enterprise Viewer, Version – 9 | Medium | 4.3 |
3027758 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer Related CVEs – CVE-2021-27585, CVE-2021-27586, CVE-2021-27587, CVE-2021-21493, CVE-2021-27588, CVE-2021-27591, CVE-2021-27584, CVE-2021-27589, CVE-2021-27590 Product – SAP 3D Visual Enterprise Viewer, Version – 9 | Medium | 4.3 |
2944188 | Update to security note released on November 2020 Patch Day: [CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA Product – SAP ERP, Versions – 600, 602, 603, 604, 605, 606, 616, 617, 618 Product – SAP S/4 HANA, Versions – 100, 101, 102, 103, 104 | Medium | 4.3 |