SAP releases August 2021 security updates
On Tuesday 10th August, SAP released a total of 19 new and updated security notes. Three of them have the highest Hot News severity ratings and six are rated high priority.
The most important fix is critical vulnerability CVE-2021-33698 (Unrestricted file upload vulnerability affecting SAP Business One). An attacker could exploit the script loading vulnerability, suggesting that the vulnerability could be exploited to execute arbitrary code.
The vulnerability (CVE-2021-33690) relates to Server Side Request Forgery (SSRF) and affects the NetWeaver development infrastructure. An attacker could exploit a proxy vulnerability by sending specially crafted requests. If the device is available on the Internet, a hacker “could completely compromise sensitive data residing on the server, and impact its availability”.
The third vulnerability with a CVSS score of 9.1 (CVE-2021-33701) is an SQL injection in the SAP NZDT (Near Zero Downtime Technology) service used by S / 4HANA and the DMIS mobile plugin.
Other critical issues include two cross-site scripting (XSS) vulnerabilities [CVE-2021-33702], [CVE-2021-33703], and an SSRF vulnerability [CVE-2021-33705] in the NetWeaver Enterprise Portal. XSS vulnerabilities affect two portal servlets and allow an attacker to inject JavaScript code into the corresponding pages. The code is executed in the victim’s browser when she accesses the compromised servlet.
An SSRF vulnerability allows an unauthorized attacker to make requests to internal or external servers by tricking the user into clicking a malicious link.
NBA Selects RISE with SAP
US basketball league and SAP announced an expanded partnership and cloud computing capabilities.
The NBA will migrate its SAP cloud software environment, including the HANA Cloud database, to Microsoft Azure. Using the new SAP software, the NBA will be able to modernize several business processes to work more efficiently, and this technology will also improve DTC initiatives and fan interactions.
“The NBA has consistently delivered cutting-edge experiences for fans powered by industry-leading innovation in sports and entertainment,” said Lloyd Adams, SAP North America senior vice president, and managing director of East Region. “We look forward to helping the NBA continue its impressive cloud transformation strategy via RISE with SAP.”
SAP acquires machine learning tech company SwoopTalent
SAP announced that it is acquiring SwoopTalent, the machine learning (ML) and artificial intelligence (AI) based tech company.
Now SAP will be able to embed SwoopTalent’s data, AI, and ML technology across SAP SuccessFactors solutions, which will enhance the human experience management (HXM) systems offered by SAP.
The AI-powered SwoopTalent platform allows to manage data from different HR systems, as well as combine and analyze information to facilitate more effective HR decision-making. With newly-acquired tools, SAP will be able to help customers gain meaningful information that will assist them in their initiatives to improve the skills and retraining of their employees.
“By making workforce data more reliable and accessible, we can help our customers gain powerful insights about their people to effectively upskill, reskill and redeploy talent and future-proof their business. The founders of SwoopTalent are industry thought leaders with proven expertise using data, machine learning and analytics to elevate HR and make organizations more competitive. We are thrilled to have them join SAP to further our HXM strategy.” said Meg Bear, SAP SuccessFactors chief product officer.
