On 13 July, SAP released a security update that includes 15 new patches, 2 of which are critical.

CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.

Full list of patches:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 2622660 | Update to Security Note released on August 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client<br>Product – SAP Business Client, Version – 6.5 | Hot News | 10 |
| 3007182 | Update to Security Note released on June 2021 Patch Day: [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform<br>Product – SAP NetWeaver AS ABAP and ABAP Platform, Versions – 700,701,702,731,740,750,751,752,753,754,755,804 | Hot News | 9 |
| 3059446 | [CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures<br>Product – SAP NetWeaver Guided Procedures (Administration Workset), Versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 | High | 7.6 |
| 3056652 | [CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service)<br>Product – SAP NetWeaver AS for Java (Http Service), Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | High | 7.5 |
| 3066316 | [CVE-2021-33676] Missing authorization check in SAP CRM ABAP<br>Product – SAP CRM, Versions – 700, 701, 702, 712, 713, 714 | Medium | 6.8 |
| 3036436 | Update to Security Note released on April 2021 Patch Day: [CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings)<br>Product – SAP Process Integration (Enterprise Service Repository JAVA Mappings), Versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 6.5 |
| 3044754 | [CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform<br>Product – SAP NetWeaver AS ABAP and ABAP Platform, Versions – 700, 702, 730, 731, 804, 740, 750, 784, DEV | Medium | 6.5 |
| 3048657 | [CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework)<br>Product – SAP NetWeaver AS ABAP (Reconciliation Framework), Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F | Medium | 6.5 |
| 3053403 | [CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server<br>Product – SAP Lumira Server, Version – 2.4 | Medium | 5.4 |
| 3000663 | [CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager<br>Product – SAP Web Dispatcher and Internet Communication Manager, Versions – KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 | Medium | 5.4 |
| 3032624 | [CVE-2021-33684] Memory Corruption in SAP NetWeaver AS ABAP and ABAP Platform<br>Product – SAP NetWeaver AS ABAP and ABAP Platform, Versions – KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84 | Medium | 5.3 |
| 3059764 | [CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal)<br>Product – SAP NetWeaver AS JAVA (Enterprise Portal), Versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 4.5 |
| 3044751 | [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad)<br>Product – SAP Business Objects Web Intelligence (BI Launchpad), Versions – 420, 430 | Medium | 4.3 |
| 3067890 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer<br>CVEs – CVE-2021-33681, CVE-2021-33680<br>Product – SAP 3D Visual Enterprise Viewer, Version – 9.0 | Medium | 4.3 |
| 3038594 | [CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator)<br>Product – SAP NetWeaver AS JAVA (Administrator applications), Version – 7.50 | Low | 3.5 |