SAP Updates
2013Warning Date
Severity Level
Warning Number
Target Sector
12 October, 2021
● High
2021-3658
All
Description:
SAP has released a security updates to address multiple vulnerabilities in the following products:
- SAP Business Client
- Version – 6.5
- SAP Environmental Compliance
- Version - 3.0
- SAP NetWeaver AS ABAP and ABAP Platform
- Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756
- SAP SuccessFactors Mobile Application (for Android devices)
- Versions - <2108
- SAP BusinessObjects Business Intelligence Platform (Crystal Reports)
- Versions - 420, 430
- SAP Business One
- Version - 10.0
- SAP Business One
- Version - 10.0
- SAP NetWeaver AS ABAP and ABAP Platform
- Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756
- SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)
- Versions - 7.70, 7.70 PI, 7.70BYD
- SAPUI5
- Versions - 750, 753, 754
- SAP NetWeaver
- Versions - 700, 701, 702, 730
- SAP NetWeaver AS ABAP and ABAP Platform
- Versions - 740, 750, 751, 752, 753, 754, 755
- SAP BusinessObjects Analysis, (edition for OLAP)
- Versions - 420, 430
- SAP NetWeaver AS ABAP and ABAP Platform
- Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
- Code Injection
Best practice and Recommendations:
The CERT team encourages users to review SAP security advisory and apply the necessary updates: