Multiple Vulnerabilities in SAP Products
11 August 2021
SAP has released security patches to address several vulnerabilities in their products. They are listed in the table below.
A few of the vulnerabilities have been classified as high in severity. Administrators of affected products are advised to prioritise the patching of these vulnerabilities.
List of Vulnerabilities
CVE Number | CVE Name | Base Score |
---|---|---|
CVE-2021-33698 | Unrestricted File Upload vulnerability in SAP Business One | 9.9 |
CVE-2021-33690 | Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service) | 9.9 |
CVE-2021-33701 | SQL Injection vulnerability in SAP NZDT Row Count Reconciliation | 9.1 |
CVE-2021-33705 | Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal | 8.1 |
CVE-2021-33700 | Missing Authentication check in SAP Business One | 7 |
CVE-2021-33691 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service) | 6.9 |
CVE-2021-33695 | Multiple Vulnerabilities in SAP Cloud Connector | 6.8 |
CVE-2021-33704 | Missing Authorisation Check in SAP Business One (Service Layer) | 6.3 |
CVE-2021-21473 | Missing Authorisation check in SAP NetWeaver AS ABAP and ABAP Platform | 6.3 |
CVE-2021-33696 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) | 5.4 |
CVE-2021-33697 | Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) | 4.7 |
For the full list of security patches released by SAP, please refer to:
https://wiki.scn.sap.com/wiki/plugins/servlet/mobile?contentId=582222806#content/view/582222806