On 10 August, SAP released a security update comprising 15 new patches, 3 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
| Note# | Title | Severity | CVSS |
|---|---|---|---|
| | [CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One Product – SAP Business One, Version – 10.0 | Hot News | |
| | [CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service) Product – SAP NetWeaver Development Infrastructure (Component Build Service), Versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Hot News | |
| | [CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation Product – DMIS Mobile Plug-In, Versions – DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020 Product – SAP S/4HANA, Versions – SAPSCORE 125, S4CORE 102, 102, 103, 104, 105 | Hot News | |
| | [CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal Product – SAP NetWeaver Enterprise Portal, Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | High | |
| | [CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal Product – SAP NetWeaver Enterprise Portal (Application Extensions), Versions – 7.30, 7.31, 7.40, 7.50 | High | |
| | [CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal Product – SAP NetWeaver Enterprise Portal, Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | High | |
| | [CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android Product – SAP Fiori Client Native Mobile for Android, Version – 3.2 | High | |
| | [CVE-2021-33700] Missing Authentication check in SAP Business One Product – SAP Business One, Version – 10.0 | High | |
| | [CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service) Product – SAP NetWeaver Development Infrastructure (Notification Service), Versions – 7.31, 7.40, 7.50 | Medium | |
| | [CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector Additional CVEs – CVE-2021-33694, CVE-2021-33693, CVE-2021-33692 Product – SAP Cloud Connector, Version – 2.0 | Medium | |
| | [CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer) Product – SAP Business One, Version – 10.0 | Medium | |
| | Update to Security Note release on June 2021 Patch Day: [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform Product – SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT), Versions – 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 | Medium | |
| | [CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management) Product – SAP NetWeaver (Knowledge Management), Versions – 7.30, 7.31, 7.40, 7.50 | Medium | |
| | [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) Product – SAP BusinessObjects Business Intelligence Platform (Crystal Report), Versions – 420, 430 | Medium | |
| | [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) Product – SAP BusinessObjects Business Intelligence Platform (SAPUI5), Versions – 420, 430 | Medium | |