Security News > 2021 > August > Nine Critical and High-Severity Vulnerabilities Patched in SAP Products

Nine Critical and High-Severity Vulnerabilities Patched in SAP Products
2021-08-11 10:21

German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.

One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One.

It's worth noting that SAP assigns a "Hot News" severity rating to critical vulnerabilities.

The high-severity vulnerabilities patched by SAP include two cross-site scripting flaws and an SSRF issue in NetWeaver Enterprise Portal.

"With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year. The small group of SAP applications that are affected by a CVSS 9.9 vulnerability in 2021 is now extended with SAP Business One and SAP NetWeaver Development Infrastructure," Onapsis said in a blog post.

A study conducted earlier this year by SAP and Onapsis showed that threat actors often start targeting SAP application vulnerabilities within days after patches are made available.


News URL

http://feedproxy.google.com/~r/securityweek/~3/WTA71W4Ktl0/nine-critical-and-high-severity-vulnerabilities-patched-sap-products

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-33698 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.
network
low complexity
sap CWE-434
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 328 25 679 386 113 1203