SAP Updates
Warning Date: 14 April, 2021
Severity Level: Medium
Warning Number: 2021-2753
Target Sector: All
Description:
SAP has released a security update to address several vulnerabilities in the following products:
- SAP Commerce, Versions - 1808, 1811, 1905, 2005, 2011
- SAP NetWeaver AS JAVA (MigrationService), Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver Master Data Management, Versions - 710, 710.750
- SAP Solution Manager, Version - 7.20
- SAP NetWeaver AS ABAP (SAP Landscape Transformation - DMIS), Versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
- SAP S4 HANA (SAP Landscape Transformation), Versions - 101, 102, 103, 104, 105
- SAP Setup, Version - 9.0
- SAP NetWeaver AS for JAVA (Telnet Commands), Versions - ENGINEAPI - 7.30, 7.31, 7.40, 7.50, ESP_FRAMEWORK - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SERVERCORE - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, J2EE-FRMW - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet), Versions - 7.31, 7.40, 7.50
- SAP NetWeaver AS for ABAP, Versions - 731, 740, 750
- SAP Process Integration (Integration Builder Framework), Versions - 7.10, 7.30, 7.31, 7.40, 7.50
- SAP Process Integration (Enterprise Service Repository JAVA Mappings), Versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP Manufacturing Execution (System Rules), Versions - 15.1, 15.2, 15.3, 15.4
- SAP NetWeaver AS for Java (Applications based on HTMLB for Java), Versions - EP-BASIS - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, FRAMEWORK-EXT - 7.30, 7.31, 7.40, 7.50, FRAMEWORK - 7.10, 7.11
- SAP NetWeaver AS ABAP, Versions - 7.30
- SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java), Versions - 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50
- SAP Focused RUN, Versions - 200, 300
- SAP NetWeaver AS for JAVA (HTTP Service), Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP Fiori Apps 2.0 for Travel Management in SAP ERP, Version - 608
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Remote arbitrary code execution
- Denial of service (DoS) attack
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the SAP security advisory and apply the necessary updates: