SAP releases February 2021 security updates
SAP has released a total of 13 new and updated security notes. Three of them have the highest Hot News severity ratings.
A patch was released for the critical Remote Code Execution vulnerability in SAP Commerce CVE-2021-21477, with a CVSS rating of 9.9 out of 10. This vulnerability could allow unauthorized users to inject malicious code into these scenarios, which can have a strong negative impact on confidentiality, integrity, and application availability. SAP fixed the bug by changing the default permissions for new SAP Commerce installations, but existing installations require additional manual fix steps. The vulnerability affects SAP Commerce Cloud versions 1808, 1811, 1905, 2005, and 2011.
The other two Hot News notes are updates to previously released notes: one is related to the Chromium browser in the Business Client, and the other is related to the vulnerabilities originally fixed in the Business Warehouse in January 2021.
SAP Security Note [CVE-2021-21465], which has been updated twice since its first release on January patch day, received a CVSS rating of 9.9. The patch fixes numerous vulnerabilities found in SQL Injection and Missing Authorization in the SAP Business Warehouse database interface.
SAP Security Note # 2622660 (April 2018 Security Note Update) contains security updates for the Google Chromium Browser Control supplied with SAP Business Client.
SAP also released two high-severity security notes, one for missing authorization checks in NetWeaver AS ABAP and S4 HANA, and one for Denial of Service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform.
The other security notes cover medium-severity vulnerabilities in NetWeaver Master Data Management 7.1, NetWeaver Process Integration, Business Objects Business Intelligence Platform, SAPUI5, Web Dynpro ABAP Applications, HTTP UI5 Handler, and HANA Database.
SAP introduced a unified marketplace for SAP solutions and partner applications
The SAP company presented the consolidated marketplace SAP Store, which included two trading platforms – a store selling SAP products, as well as the SAP App Center service for partner applications. All SAP solutions and more than 1,700 partner applications are available through the new platform. The new service is expected to simplify the process of finding and purchasing software. Users will also be able to read customer reviews and see product ratings.
The search on the new SAP Store marketplace is completely objective and impartial, its main task is to help customers find the products and solutions that best suit their needs.
New SAP Store key features:
- Updated menu: it has more categories that cover additional areas of solutions;
- Guided search: clients could use the same structure of sentences and wording for searching as in a normal conversation with a manager, this significantly reduces the need for repeated searches;
- Search Tips: Search results pages include suggestions for next steps or popular features;
- Favorites: product pages could be saved in a personalized favorites section, later they can be compared with other offers.
SAP releases a special edition of SAP Learning Hub for partners
SAP has introduced a special edition of the SAP Learning Hub, built for SAP PartnerEdge members. It combined the necessary learning tools into one solution, including access to all developmental content, hands-on exercises, and assessment systems. This will help partners stay up to date with the latest SAP innovations and keep their certifications up to date.
Partner SAP Learning Hub brings together:
- Educational content to develop skills in working with solutions from the entire SAP portfolio, including such flagship solutions as SAP S / 4HANA and SAP Business Technology Platform;
- Access to training content for SAP PartnerEdge members and practice in SAP interactive training systems;
- Opportunities to receive digital certification badges and stay on top of technological advances.
As new products become available throughout 2021, SAP will update the training materials for the partner version so that partners can keep their knowledge, skills, and certifications up to date.
SAP buys no-code platform developer
SAP announced the acquisition of AppGyver, which specializes in no-code development platforms that enable users with no coding knowledge to build web applications.
The German business software maker emphasized that the deal fits well with its new strategic initiative ‘Rise with SAP’, which provides end-to-end support for customers as they move their enterprise applications to the cloud. Enterprises that have accepted the terms of the new service will no longer have to pay separately for licenses and maintenance, and their applications will be stored in their SAP cloud, rather than on-premises, in the customer’s internal IT system or elsewhere.
The terms of the deal were not disclosed.