We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 17 and the highest
CVSS
score is 9.8.
Severity
SAP© Security advisories 17
System Types
Affected SAP© system types
3101406
CVSS
9.8
Affected system type
Java
Patchday
2021-10
Released on
2021/10/12
Description
Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance
3089438
CVSS
9.1
Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/20
Description
Missing transaction start (AU3) entries in the Security Audit Log
3097887
CVSS
9.1
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform
3077635
CVSS
7.8
Affected system type
SAP Success Factors
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices
3074693
CVSS
6.9
Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports)
3074819
CVSS
6.7
Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-38179] Information Disclosure in SAP Business One
3080710
CVSS
6.5
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform
3079427
CVSS
6.5
Affected system type
SAP Business One
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-38180] CSV Injection in SAP Business One
3100882
CVSS
6.4
Affected system type
SAP Cloud Print Manager
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)
3055347
CVSS
6.1
Affected system type
SAP UI5
Patchday
2021-10
Released on
2021/10/12
Description
Cross-Site Scripting (XSS) vulnerability in SAPUI5
2988962
CVSS
5.4
Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28
Description
Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data
2988956
CVSS
5.4
Affected system type
ABAP
Patchday
2021-10
Released on
2021/09/28
Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data
3084937
CVSS
5.4
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver
2655294
CVSS
5.3
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
Missing Authorization check in SCM BAPIs
3099011
CVSS
5.3
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform
3098917
CVSS
4.3
Affected system type
BI/BO platform
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP)
3087254
CVSS
4.3
Affected system type
ABAP
Patchday
2021-10
Released on
2021/10/12
Description
[CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform