Nine Critical and High-Severity Vulnerabilities Patched in SAP Products (Security News, August 2021)
German enterprise software giant SAP has released 19 new and updated security notes, including notes for nine new vulnerabilities that have been rated critical or high severity.
One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One.
It's worth noting that SAP assigns a "Hot News" severity rating to critical vulnerabilities.
The high-severity vulnerabilities patched by SAP include two cross-site scripting flaws and an SSRF issue in NetWeaver Enterprise Portal.
"With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year. The small group of SAP applications that are affected by a CVSS 9.9 vulnerability in 2021 is now extended with SAP Business One and SAP NetWeaver Development Infrastructure," Onapsis said in a blog post.
A study conducted earlier this year by SAP and Onapsis showed that threat actors often start targeting SAP application vulnerabilities within days after patches are made available.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2021-33698 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0. SAP Business One, version 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | 8.8 |