SAP releases security update for September 2021 - 23.09.2021


SAP has released a security update that fixes vulnerabilities affecting multiple products:

Note 2622660
Security updates for the browser control Google Chromium delivered with SAP Business Client
Product - SAP Business Client, Version - 6.5
Priority - HotNews, CVSS - 10

Note 3078609
[CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service)
Product - SAP NetWeaver Application Server Java (JMS Connector Service), Versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Priority - HotNews, CVSS - 10

Note 3071984
Update to Security Note released on August 2021 Patch Day:
[CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One
Product - SAP Business One, Versions - 10.0
Priority - HotNews, CVSS - 9.9

Note 3089831
[CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework
Product - SAP S/4HANA, Versions - 1511, 1610, 1709, 1809, 1909, 2020, 2021
Product - SAP LT Replication Server, Versions - 2.0, 3.0
Product - SAP LTRS for S/4HANA, Version - 1.0
Product - SAP Test Data Migration Server, Version - 4.0
Product - SAP Landscape Transformation, Version - 2.0
Priority - HotNews, CVSS - 9.9

Note 3084487
[CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT)
Product - SAP NetWeaver (Visual Composer 7.0 RT), Versions - 7.30, 7.31, 7.40, 7.50
Priority - HotNews, CVSS - 9.9

Note 3081888
[CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
Product - SAP NetWeaver Knowledge Management XML Forms, Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50
Priority - HotNews, CVSS - 9.9

Note 3073891
[CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center
Additional CVEs - CVE-2021-33673, CVE-2021-33674, CVE-2021-33675
Product - SAP Contact Center, Version - 700
Priority - HotNews, CVSS - 9.6

Note 3080567
[CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher
Product - SAP Web Dispatcher, Versions - WEBDISP - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83
Priority - High, CVSS - 8.9

Note 3051787
[CVE-2021-38177] Null Pointer Dereference vulnerability in SAP CommonCryptoLib
Product - SAP CommonCryptoLib, Versions - 8.5.38 or lower
Priority - High, CVSS - 7.5

Note 3069032
[CVE-2021-33685] Directory Traversal vulnerability in SAP Business One
Product - SAP Business One, Versions - 10.0
Priority - Medium, CVSS - 6.5

Note 3082500
[CVE-2021-38175] Information Disclosure in SAP Analysis for Microsoft Office
Product - SAP Analysis for Microsoft Office, Version - 2.8
Priority - Medium, CVSS - 6.5

Note 3060621
[CVE-2021-38150] Information disclosure in SAP Business Client
Product - SAP Business Client, Versions - 7.0, 7.70
Priority - Medium, CVSS - 6.1

Note 3055180
[CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)
Product - SAP BusinessObjects Business Intelligence Platform (BI Workspace), Version - 420
Priority - Medium, CVSS - 5.4

Note 3068582
[CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR
Product - SAP ERP Financial Accounting (RFOPENPOSTING_FR), Versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105
Priority - Medium, CVSS - 5.4

Note 3070138
[CVE-2021-33686] Information Disclosure in SAP Business One
Product - SAP Business One, Version - 10.0
Priority - Medium, CVSS - 5.3

Note 3082219
[CVE-2021-21489] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Product - SAP NetWeaver Enterprise Portal, Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Priority - Medium, CVSS - 4.8

Note 3069882
[CVE-2021-33688] SQL Injection vulnerability in SAP Business One
Product - SAP Business One, Version - 10.0
Priority - Medium, CVSS - 4.3

Note 3075546
[CVE-2021-37532] Directory Listing Enabled in SAP Business One
Product - SAP Business One, Version - 10.0
Priority - Medium, CVSS - 4.3

Note 3087791
[CVE-2021-38174] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Product - SAP 3D Visual Enterprise Viewer, Version - 9.0
Priority - Medium, CVSS - 4.3

An attacker could exploit some of these vulnerabilities to take control of an affected system.

CERT Bulgaria recommends that users and administrators review the SAP Security Notes for September 2021 and apply the necessary updates.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405


23.9.2021