Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in SAP Products
Alerts

Critical Vulnerabilities in SAP Products

15 April 2021

SAP has released security patches to address multiple vulnerabilities in their Business Client, Commerce, and NetWeaver products.

A few of the vulnerabilities have been classified as critical in severity and require the immediate attention of the administrator of the affected SAP products. They are listed in the table below.

Critical vulnerabilities

CVE Number

CVE Name

Base Score

-

Security updates for the browser control Google Chromium delivered with SAP Business Client

10

CVE-2021-27602

Remote Code Execution vulnerability in Source Rules of SAP Commerce

9.9

CVE-2021-21481

Missing Authorisation Check in SAP NetWeaver AS for JAVA (Migration Service)

9.6

CVE-2021-21482

Information disclosure in SAP NetWeaver Master Data Management

8.3

CVE-2021-21483

Information disclosure in SAP Solution Manager

8.2

CVE-2020-26832

Missing authorisation check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)

7.6

CVE-2021-27608

Unquoted search path in SAPSetup

7.5

CVE-2021-21485

Information disclosure in SAP NetWeaver AS for Java (Telnet Commands)

7.4

For the full list of security patches released by SAP, please refer to https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Back to top