W dniu 9 listopada firma SAP wydała aktualizacje bezpieczeństwa, która obejmuje 7 nowych poprawek w tym 1 jest krytyczna.
CERT PSE zachęca administratorów do zapoznania się z notami na SAP Security Patch Day i zastosowania niezbędnych aktualizacji.
Pełna lista poprawek:
Note# |
Title | Priority |
CVSS |
[CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel Product – SAP ABAP Platform Kernel, Versions – 7.77, 7.81, 7.85, 7.86 |
Hot News |
||
[CVE-2021-40502] Missing Authorization check in SAP Commerce Product – SAP Commerce, Versions – 2105.3, 2011.13, 2005.18, 1905.34 |
High |
||
Update to Security Note released on October 2020 Patch Day: [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Product– CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run), Versions – 9.7, 10.1, 10.5, 10.7 |
High |
||
[CVE-2021-40503] Information Disclosure in SAP GUI for Windows Product – SAP GUI for Windows, Versions – < 7.60 PL13, 7.70 PL4 |
Medium |
||
[CVE-2021-42062] Missing Authorization check in SAP ERP HCM Product – SAP ERP HCM Portugal, Versions – 600, 604, 608 |
Medium |
||
Update to Security Note released on September 2021 Patch Day: [CVE-2021-38164] Missing Authorization check in in SAP ERP Financial Accounting / RFOPENPOSTING_FR Product – SAP ERP Financial Accounting (RFOPENPOSTING_FR) , Versions – SAP_APPL – 600, 602, 603, 604, 605, 606, 616, SAP_FIN – 617, 618, 700, 720, 730, SAPSCORE – 125, S4CORE, 100, 101, 102, 103, 104, 105 |
Medium |
||
[CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform Product – SAP NetWeaver AS for ABAP and ABAP Platform, Versions – 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 |
Medium |