SAP© Security Advisories - 02 2021 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 11 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

_{Related note}
2973428

_CVSS
4.7

_{Affected system
type}
Kernel

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
Reverse Tabnabbing vulnerability within SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
2992154

_CVSS
4.1

_{Affected system
type}
SAP HANA Platform

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21474] SAML Assertion Signature MD5 Digest Algorithm Vulnerability in SAP HANA Database

Security Advisory

_{Related note}
2974582

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21478] Reverse Tabnabbing vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP)

Security Advisory

_{Related note}
2998173

_CVSS
6.3

_{Affected system
type}
SAP Netweaver

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1

Security Advisory

_{Related note}
2935791

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)

Security Advisory

_{Related note}
2818963

_CVSS
0.0

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
Clickjacking vulnerability in Adapter Runtime of SAP Process Integration

Security Advisory

_{Related note}
3014121

_CVSS
9.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce

Security Advisory

_{Related note}
2835240

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration

Security Advisory

_{Related note}
2994289

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
Reverse Tabnabbing vulnerability within SAP CRM WebClient UI

Security Advisory

_{Related note}
3000897

_CVSS
4.0

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
[CVE-2021-21475] Directory Traversal vulnerability in SAP NetWeaver Master Data Management 7.1

Security Advisory

_{Related note}
2990992

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09

Description
Missing Authorization Checks in the Monitor Data and My Data Collections Apps

Security Advisory

Notifications

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

Related note 2973428

CVSS 4.7

Affected system type Kernel

Patchday2021-02

Released on2021/02/09

Related note 2992154

CVSS 4.1

Affected system type SAP HANA Platform

Patchday2021-02

Released on2021/02/09

Related note 2974582

CVSS 4.7

Affected system type ABAP

Patchday2021-02

Released on2021/02/09

Related note 2998173

CVSS 6.3

Affected system type SAP Netweaver

Patchday2021-02

Released on2021/02/09

Related note 2935791

CVSS 5.4

Affected system type BI/BO platform

Patchday2021-02

Released on2021/02/09

Related note 2818963

CVSS 0.0

Affected system type Java

Patchday2021-02

Released on2021/02/09

Related note 3014121

CVSS 9.9

Affected system type SAP Commerce Cloud

Patchday2021-02

Released on2021/02/09

Related note 2835240

CVSS 5.4

Affected system type Java

Patchday2021-02

Released on2021/02/09

Related note 2994289

CVSS 4.1

Affected system type ABAP

Patchday2021-02

Released on2021/02/09

Related note 3000897

CVSS 4.0

Affected system type Java

Patchday2021-02

Released on2021/02/09

Related note 2990992

CVSS 5.4

Affected system type ABAP

Patchday2021-02

Released on2021/02/09

_{Related note}
2973428

_CVSS
4.7

_{Affected system
type}
Kernel

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2992154

_CVSS
4.1

_{Affected system
type}
SAP HANA Platform

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2974582

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2998173

_CVSS
6.3

_{Affected system
type}
SAP Netweaver

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2935791

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2818963

_CVSS
0.0

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
3014121

_CVSS
9.9

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2835240

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2994289

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
3000897

_CVSS
4.0

_{Affected system
type}
Java

_Patchday
2021-02

_{Released
on}
2021/02/09

_{Related note}
2990992

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2021-02

_{Released
on}
2021/02/09