SAP fixes critical bugs in Business Client, Commerce, and NetWeaver
2021-04-14 18:39

One of these updates refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications.

SAP also delivered an update that fixes a remote code execution bug in SAP Commerce, which is used to organize product information for distribution across multiple communication channels.

The issue is identified as CVE-2021-27602 and affects SAP Commerce 1808, 1811, 1905, 2005, and 2011.

SAP evaluates it as critical too, giving it a severity score of 9.8 out of 10.

An attacker with authorized access to the Backoffice Product Content Management application of SAP Commerce can exploit it to achieve remote code execution on the system by injecting malicious code in the source rules.

Another update that SAP views as critical is for the Migration Service component in the NetWeaver software stack (versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50), which enables organizations to integrate data and business processes from multiple sources.


News URL

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-04-13 | CVE-2021-27602 | Code Injection vulnerability in SAP Commerce | critical, 9.9

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application.
network, low complexity, sap, CWE-94

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 328 25 679 386 113 1203