This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority basis to protect their SAP landscape.
On the 9th of March 2021, SAP Security Patch Day saw the release of 9 Security Notes. There were 4 updates to previously released Patch Day Security Notes.
List of security notes released on March Patch Day:
Note# | Title | Priority | CVSS |
---|---|---|---|
2890213 | Update to security note released on March 2020 Patch Day: | Hot News | 10 |
2622660 | Update to security note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product - SAP Business Client, Version - 6.5 | Hot News | 10 |
3022622 | [CVE-2021-21480] Code Injection Vulnerability in SAP MII Product - SAP Manufacturing Integration and Intelligence, Versions - 15.1, 15.2, 15.3, 15.4 | Hot News | 9.9 |
3022422 | [CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService) Product - SAP NetWeaver AS JAVA (MigrationService), Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 | Hot News | 9.6 |
3017378 | [CVE-2021-21484] Possible authentication bypass in SAP HANA LDAP scenarios Product - SAP HANA, Version - 2.0 | High | 7.7 |
3007888 | [CVE-2021-21486] Missing Authorization check in SAP Enterprise Financial Services (Bank Customer Accounts) Product - SAP Enterprise Financial Services (Bank Customer Accounts), Versions - 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 | Medium | 6.8 |
2983436 | [CVE-2021-21488] Insecure Deserialisation in SAP NetWeaver Knowledge Management Product - SAP NetWeaver Knowledge Management, Versions - 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 | Medium | 6.8 |
3023778 | [CVE-2021-21487] Missing Authorization Check in Payment Engine Product - SAP Payment Engine, Version - 500 | Medium | 6.8 |
2943844 | Update to security note released on October 2020 Patch Day: [CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services) Product - SAP BusinessObjects Business Intelligence Platform (Web Services), Versions - 410, 420, 430 | Medium | 5.3 |
2976947 | [CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) Product - SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java), Versions - 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 | Medium | 4.7 |
3027767 | [CVE-2021-27592] Improper Input Validation in SAP 3D Visual Enterprise Viewer Product - SAP 3D Visual Enterprise Viewer, Version - 9 | Medium | 4.3 |
3027758 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer | Medium | 4.3 |
2944188 | Update to security note released on November 2020 Patch Day: | | |