We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 18 and the highest CVSS score is 9.9.

[Charts: SAP© Security advisories by severity (18); Affected SAP© system types]

| Advisory | CVSS | Affected system type | Patchday | Released on | Description |
|---|---|---|---|---|---|
| 3072955 | 9.9 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service) |
| 3071984 | 9.9 | SAP Business One | 2021-08 | 2021/08/10 | [CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One |
| 3078312 | 9.1 | ABAP | 2021-08 | 2021/08/10 | [CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation |
| 3057378 | 8.8 | Kernel | 2021-08 | 2021/08/10 | Missing Authentication check in SAP Web Dispatcher |
| 3073681 | 8.3 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| 3072920 | 8.3 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| 3074844 | 8.1 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal |
| 3067219 | 7.6 | SAP Fiori Client Android | 2021-08 | 2021/08/10 | [CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android |
| 3073325 | 7.0 | SAP Business One | 2021-08 | 2021/08/10 | [CVE-2021-33700] Missing Authentication check in SAP Business One |
| 3073450 | 6.9 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service) |
| 3058553 | 6.8 | SAP Cloud Connector | 2021-08 | 2021/08/10 | [CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector |
| 2659604 | 6.4 | ABAP | 2021-08 | 2021/07/27 | Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM |
| 3002517 | 6.3 | ABAP | 2021-08 | 2021/06/08 | [CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform |
| 3078072 | 6.3 | SAP Business One | 2021-08 | 2021/08/10 | [CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer) |
| 2675775 | 6.3 | ABAP | 2021-08 | 2021/08/10 | Switchable Authorization checks for RFC in CRM Middleware |
| 3076399 | 6.1 | Java | 2021-08 | 2021/08/10 | [CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management) |
| 3062085 | 5.4 | BI/BO platform | 2021-08 | 2021/08/10 | [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) |
| 3063048 | 4.7 | BI/BO platform | 2021-08 | 2021/08/10 | [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) |