Multiple Vulnerabilities in SAP Products

Original Issue Date: May 21, 2021

Severity Rating: HIGH

Software Affected

  • SAP Business Client Version 6.5
  • SAP Commerce Versions 1808, 1811, 1905, 2005, 2011
  • SAP Business Warehouse Versions 700, 701, 702, 711, 730, 731, 740, 750, 782
  • SAP BW/4HANA Versions 100, 200
  • SAP NetWeaver AS ABAP Versions 700, 701, 702, 730, 731
  • SAP Business One, version for SAP HANA (Cookbooks) Versions 0.1.6, 0.1.7, 0.1.19
  • SAP Business One (Cookbooks) Version 0.1.9
  • SAP Commerce (Backoffice Search) Versions 1808, 1811, 1905, 2005, 2011
  • SAP Process Integration (Integration Builder Framework) Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
  • SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) Versions 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50
  • SAP Focused RUN Versions 200, 300
  • SAP GUI for Windows Versions 7.60, 7.70

Overview

Multiple vulnerabilities have been reported in SAP products that could allow an attacker to execute arbitrary code, access sensitive information and perform other attacks on a targeted system.

Description

These vulnerabilities exist in SAP products due to missing XML validation, a missing authorization check and other flaws in the affected software.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, access sensitive information and perform other attacks on a targeted system.

Solution

Update to the patched versions listed in the SAP advisory:

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.
