Description:

SAP has released security updates to address multiple vulnerabilities in the following products:

• SAP Business Client, Version -6.5
• SAP NetWeaver and ABAP Platform, Versions -KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22
• SAP PowerDesigner Proxy 16.7, Versions -16.7
• SAP 3D Visual Enterprise Viewer, Version -9.0
• SAP NetWeaver Application Server for ABAP and ABAP Platform,Version -700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, 788
• SAP NetWeaver Development Infrastructure (Design Time Repository), Versions -7.30, 7.31, 7.40, 7.50
• SAP NetWeaver, ABAP Platform and SAP Host Agent, Versions -KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22
• SAPERP, localization forCEEcountries, Versions -C-CEE110_600, 110_602, 110_603, 110_604, 110_700
• SAP Financials, Versions -SAP_FIN 618, 720
• SAP S/4Hana Core, Versions -S4CORE 100, 101, 102, 103, 104, 105, 106, 107, 108
• SAP Adaptive Server Enterprise (ASE), Versions -KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53
• SAP NetWeaverASABAP,ASJava, ABAP Platform and HANA Database, Versions -KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.2
• SAP NetWeaver Developer Studio (NWDS), Versions -7.50
• SAP Adaptive Server Enterprise (ASE), Versions -KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Escalation of privilege
• Execute arbitrary code
• Information Disclosure

Best practice and Recommendations:

The CERT team encourages users to review SAP security advisory and apply the necessary updates:

• https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10