SAP fixes critical bugs in Business Client, Commerce, and NetWeaver

2021-04-14 18:39

One of these updates refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications.

SAP also delivered an update that fixes a remote code execution bug in SAP Commerce used to organize product information for distribution across multiple communication channels.

The issue is identified as CVE-2021-27602 and affects SAP Commerce 1808, 1811, 1905, 2005, and 2011.

SAP evaluates it as critical too, giving a severity score of 9.8 out of 10.

An attacker authorized into the Backoffice Product Content Management application of SAP Commerce can exploit it to achieve remote code execution on the system by injecting malicious code in the source rules.

Another update that SAP views as critical is for the Migration Service component in the NetWeaver software stack - versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 - that enables organizations to integrate data and business processes from multiple sources.

News URL

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/

#critical #SAP #CVE-2021-27602

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-13	CVE-2021-27602	SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
SAP		384	110	936	248	94	1388