SAP Updates
Warning Date: 8 June, 2021
Severity Level: High
Warning Number: 2021-3001
Target Sector: All
Description:
SAP has released security updates to address multiple vulnerabilities in the following products:
- SAP Commerce
  - 1808, 1811, 1905, 2005, 2011
- SAP NetWeaver AS ABAP and ABAP Platform
  - 700,701,702,731,740,750,751,752,753,754,755,804
- SAP NetWeaver AS for JAVA
  - 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS for ABAP (RFC Gateway)
  - KRNL32NUC - 7.22,7.22EXT
  - KRNL64NUC - 7.22,7.22EXT,7.49
  - KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73
  - KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83
- SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
  - KRNL32NUC - 7.22,7.22EXT
  - KRNL64NUC - 7.22,7.22EXT,7.49
  - KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73
  - KERNEL - 7.22,8.04,7.49,7.53,7.73
- SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)
  - KRNL32NUC - 7.22,7.22EXT
  - KRNL32UC - 7.22,7.22EXT
  - KRNL64NUC - 7.22,7.22EXT,7.49
  - KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73
  - KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83
- SAP Business One
  - 10.0
- SAP Manufacturing Execution
  - 15.1, 1.5.2, 15.3, 15.4
- SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT)
  - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755
- SAP NetWeaver AS for ABAP (Web Survey)
  - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F
- SAP NetWeaver AS (Internet Graphics Server – Portwatcher)
  - 7.20,7.20EXT,7.53,7.20_EX2,7.81
- SAP Enable Now (SAP Workforce Performance Builder - Manager)
  - 10.0, 1.0
- SAP NetWeaver AS ABAP
  - KRNL32NUC - 7.22,7.22EXT
  - KRNL32UC - 7.22,7.22EXT
  - KRNL64NUC - 7.22,7.22EXT,7.49
  - KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73
  - KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84
- SAP NetWeaver AS for Java (UserAdmin)
  - 7.11,7.20,7.30,7.31,7.40,7.50
- SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP)
  - SAP_UI – 750,752,753,754,755, SAP_BASIS – 702, 31
- SAP Commerce Cloud
  - 100
- SAP 3D Visual Enterprise Viewer
  - 9
- SAP Fiori Apps 2.0 for Travel Management in SAP ERP
  - 608
Threats:
An attacker could exploit these vulnerabilities, which fall into the following categories:
- Cross-site scripting (XSS)
- Information disclosure
- Missing authentication
- Missing authorization check
- Memory corruption
Best Practices and Recommendations:
The CERT team encourages users to review the SAP security advisory and apply the necessary updates: