SAP Updates
Warning Date: 14 July, 2021
Severity Level: High
Warning Number: 2021-3182
Target Sector: All
Description:
SAP has released security updates to address multiple vulnerabilities in the following products:
- SAP Business Client
  - 6.5
- SAP NetWeaver AS ABAP and ABAP Platform
  - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804
- SAP NetWeaver Guided Procedures (Administration Workset)
  - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS for Java (Http Service)
  - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP CRM
  - 700, 701, 702, 712, 713, 714
- SAP Process Integration (Enterprise Service Repository JAVA Mappings)
  - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS ABAP and ABAP Platform
  - 700, 702, 730, 731, 804, 740, 750, 784, DEV
- SAP NetWeaver AS ABAP (Reconciliation Framework)
  - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F
- SAP Lumira Server
  - 2.4
- SAP Web Dispatcher and Internet Communication Manager
  - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83
- SAP NetWeaver AS ABAP and ABAP Platform
  - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84
- SAP NetWeaver AS JAVA (Enterprise Portal)
  - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP Business Objects Web Intelligence (BI Launchpad)
  - 420, 430
- SAP NetWeaver AS JAVA (Administrator applications)
  - 7.50
Threats:
An attacker could exploit these vulnerabilities through the following:
- Cross-site scripting (XSS)
- Information disclosure
- Missing authentication
- Missing authorization check
- Code injection
Best practice and Recommendations:
The CERT team encourages users to review the SAP security advisory and apply the necessary updates: