SAP Updates
Alert date: 14 April 2021
Severity level: Medium
Alert number: 2021-2753
Target sector: All
Description:
SAP has released an update to address a number of vulnerabilities in the following products:
- SAP Commerce, Versions - 1808, 1811, 1905, 2005, 2011
- SAP NetWeaver AS JAVA (MigrationService), Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver Master Data Management, Versions - 710, 710.750
- SAP Solution Manager, Version - 7.20
- SAP NetWeaver AS ABAP (SAP Landscape Transformation - DMIS), Versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
- SAP S4 HANA (SAP Landscape Transformation), Versions - 101, 102, 103, 104, 105
- SAP Setup, Version - 9.0
- SAP NetWeaver AS for JAVA (Telnet Commands), Versions - ENGINEAPI - 7.30, 7.31, 7.40, 7.50, ESP_FRAMEWORK - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SERVERCORE - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, J2EE-FRMW - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet), Versions - 7.31, 7.40, 7.50
- SAP NetWeaver AS for ABAP, Versions - 731, 740, 750
- SAP Process Integration (Integration Builder Framework), Versions - 7.10, 7.30, 7.31, 7.40, 7.50
- SAP Process Integration (Enterprise Service Repository JAVA Mappings), Versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP Manufacturing Execution (System Rules), Versions - 15.1, 15.2, 15.3, 15.4
- SAP NetWeaver AS for Java (Applications based on HTMLB for Java), Versions - EP-BASIS - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, FRAMEWORK-EXT - 7.30, 7.31, 7.40, 7.50, FRAMEWORK - 7.10, 7.11
- SAP NetWeaver AS ABAP, Versions - 7.30
- SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java), Versions - 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50
- SAP Focused RUN, Versions - 200, 300
- SAP NetWeaver AS for JAVA (HTTP Service), Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP Fiori Apps 2.0 for Travel Management in SAP ERP, Version - 608
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Remote execution of malicious code
- Denial-of-service (DoS) attack
- Cross-site scripting (XSS) attack
Preventive measures:
The center recommends updating the affected versions; SAP has issued a clarification of these updates: