Security News > 2021 > August > Nine Critical and High-Severity Vulnerabilities Patched in SAP Products
German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.
One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One.
It's worth noting that SAP assigns a "Hot News" severity rating to critical vulnerabilities.
The high-severity vulnerabilities patched by SAP include two cross-site scripting flaws and an SSRF issue in NetWeaver Enterprise Portal.
"With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year. The small group of SAP applications that are affected by a CVSS 9.9 vulnerability in 2021 is now extended with SAP Business One and SAP NetWeaver Development Infrastructure," Onapsis said in a blog post.
A study conducted earlier this year by SAP and Onapsis showed that threat actors often start targeting SAP application vulnerabilities within days after patches are made available.
News URL
Related news
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-33698 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0 SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | 6.5 |