Security News > 2021 > August > Nine Critical and High-Severity Vulnerabilities Patched in SAP Products
German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.
One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One.
It's worth noting that SAP assigns a "Hot News" severity rating to critical vulnerabilities.
The high-severity vulnerabilities patched by SAP include two cross-site scripting flaws and an SSRF issue in NetWeaver Enterprise Portal.
"With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year. The small group of SAP applications that are affected by a CVSS 9.9 vulnerability in 2021 is now extended with SAP Business One and SAP NetWeaver Development Infrastructure," Onapsis said in a blog post.
A study conducted earlier this year by SAP and Onapsis showed that threat actors often start targeting SAP application vulnerabilities within days after patches are made available.
News URL
Related news
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Most critical vulnerabilities aren’t worth your attention (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-33698 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0 SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | 8.8 |