
SAP fixes critical bugs in Business Client, Commerce, and NetWeaver
2021-04-14 18:39

One of these updates refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications.

SAP also delivered an update that fixes a remote code execution bug in SAP Commerce, which is used to organize product information for distribution across multiple communication channels.

The issue is identified as CVE-2021-27602 and affects SAP Commerce 1808, 1811, 1905, 2005, and 2011.

SAP evaluates it as critical too, giving it a severity score of 9.8 out of 10.

An attacker with authorization to the Backoffice Product Content Management application of SAP Commerce can exploit it to achieve remote code execution on the system by injecting malicious code in the source rules.

Another update that SAP views as critical is for the Migration Service component in the NetWeaver software stack - versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 - that enables organizations to integrate data and business processes from multiple sources.


News URL

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|------------|-----|--------|------|----------|-------------|
| SAP    | 401        | 112 | 969    | 240  | 97       | 1418        |