On 11 May, SAP released a security update comprising 11 new patches, 3 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2622660 | Update to Security Note released on August 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client; Product – SAP Business Client, Version – 6.5 | Hot News | 10 |
3040210 | Update to Security Note released on April 2021 Patch Day: [CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce; Product – SAP Commerce, Versions – 1808, 1811, 1905, 2005, 2011 | Hot News | 9.9 |
2999854 | Update to Security Note released on January 2021 Patch Day: [CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA; Product – SAP Business Warehouse, Versions – 700, 701, 702, 711, 730, 731, 740, 750, 782; Product – SAP BW4HANA, Versions – 100, 200 | Hot News | 9.9 |
3046610 | [CVE-2021-27611] Code Injection vulnerability in SAP NetWeaver AS ABAP; Product – SAP NetWeaver AS ABAP, Versions – 700, 701, 702, 730, 731 | High | 8.2 |
3049661 | [CVE-2021-27616] Multiple vulnerabilities in SAP Business One, version for SAP HANA (Business-One-Hana-Chef-Cookbook); Additional CVE – CVE-2021-27614; Product – SAP Business One, version for SAP HANA (Cookbooks), Versions – 0.1.6, 0.1.7, 0.1.19 | High | 7.8 |
3049755 | [CVE-2021-27613] Information Disclosure in SAP Business One (Chef business-one-cookbook); Product – SAP Business One (Cookbooks), Version – 0.1.9 | High | 7.8 |
3039818 | [CVE-2021-27619] Information Disclosure in SAP Commerce (Backoffice search); Product – SAP Commerce (Backoffice Search), Versions – 1808, 1811, 1905, 2005, 2011 | Medium | 6.5 |
3012021 | [Multiple CVEs] Multiple vulnerabilities in SAP Process Integration (Integration Builder Framework); CVEs – CVE-2021-27617, CVE-2021-27618; Product – SAP Process Integration (Integration Builder Framework), Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 4.9 |
2976947 | Update to Security Note released on March 2021 Patch Day: [CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java); Product – SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java), Versions – 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 | Medium | 4.7 |
3030948 | Update to Security Note released on April 2021 Patch Day: [CVE-2021-27609] Missing Authorization check in SAP Focused RUN; Product – SAP Focused RUN, Versions – 200, 300 | Medium | 4.6 |
3023078 | [CVE-2021-27612] SAP GUI for Windows is vulnerable to redirect users to an untrusted website; Product – SAP GUI for Windows, Versions – 7.60, 7.70 | Low | 3.4 |