Security News > 2021 > June > SAP Patches Critical Vulnerabilities in NetWeaver
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.
SAP NetWeaver received the largest number of patches with a total of 10 security notes documenting and resolving vulnerabilities.
The most important of the new notes addresses an improper authentication vulnerability in NetWeaver ABAP Server and ABAP Platform.
The issue exists because an ABAP server could not correctly identify if communication via RFC or HTTP is between the application servers of the same SAP system or with servers outside the same system.
Three other security notes patch ten memory corruption flaws in NetWeaver ABAP Server and ABAP Platform.
All of the remaining security notes released on SAP's June 2021 Security Patch Day address medium risk vulnerabilities.
News URL
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)