Security Warnings

Your review has been sent successfully
Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

SAP Updates

63

Warning Date: 14 September, 2021

Severity Level ● Critical

Warning Number: 2021-3513

Target Sector: All

Description:

SAP has released a security updates to address multiple vulnerabilities in the following products:

  • SAP Business Client
    • 6.5, 7.0, 7.70
  • SAP NetWeaver Application Server Java (JMS Connector Service)
    • 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
  • SAP Business One
    • 10.0
  • SAP S/4HANA
    • 1511, 1610, 1709, 1809, 1909, 2020, 2021
  • SAP NetWeaver (Visual Composer 7.0 RT)
    • 7.30, 7.31, 7.40, 7.50
  • SAP NetWeaver Knowledge Management XML Forms
    • 7.10, 7.11, 7.30, 7.31, 7.40, 7.50
  • SAP Contact Center
    • 700
  • SAP Web Dispatcher
    • WEBDISP - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83
  • SAP CommonCryptoLib
    • 8.5.38 or lower
  • SAP Analysis for Microsoft Office
    • 2.8
  • SAP BusinessObjects Business Intelligence Platform (BI Workspace)
    • 420
  • SAP ERP Financial Accounting (RFOPENPOSTING_FR)
    • SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105
  • SAP NetWeaver Enterprise Portal
    • 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
  • SAP 3D Visual Enterprise Viewer
    • 9.0

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Cross-site scripting (XSS)
  • Missing authorization check
  • Code Injection
  • SQL Injection
  • Unrestricted file upload

Best practice and Recommendations:

The CERT team encourages users to review SAP security advisory and apply the necessary updates:

Last updated at 14 September, 2021

Rate the content

rate-icon