SAP News Overview for January 2021 - Safe O'Clock

SAP News Overview for January 2021

February 10, 2021

SAP releases January 2021 security updates

SAP has released a total of 17 new and updated security notes. Five of them have the highest Hot News severity ratings. 

The first of the notes (CVE-2021-21465), SAP describes as Multiple vulnerabilities in SAP Business Warehouse (Database Interface). It requires minimal privileges to operate successfully. Incorrectly sanitizing the provided SQL commands would allow an attacker to execute arbitrary SQL commands on the database, which could result in a complete compromise of the affected system. SAP fixed the bug by disabling the function module, applying the patch will dump all applications calling this function module.

The second one relates to CVE-2021-21466, code injection in both the Business Warehouse and BW / 4HANA. The vulnerability could be exploited to inject malicious code that is permanently saved as a report and which could be executed subsequently, which could affect the confidentiality, integrity, and availability of systems. An attacker needs low privileges to exploit it.

The other three are updates to fixes previously released in April 2018 (Updates to Chrome Browser in Business Client – CVSS score 10), November 2020 (Privilege escalation in NetWeaver Application Server for Java – CVSS score 9.1), and December 2020 (Business Warehouse code injection – CVSS score 9.1).

An exploit for a critical bug in SAP SolMan is publicly available

The exploit is fully functional and targets CVE-2020-6207 vulnerability. By exploiting the vulnerability, an attacker can compromise all SMDAgents connected to SAP Solution Manager. A successful attack using a vulnerability can impact an organization’s cybersecurity, compromising critical data, SAP applications, and business processes.

An attacker who gains access to the SolMan platform can potentially compromise any business system connected to SolMan, gain access to confidential data, delete data, and assign superuser privileges to any new user.

Microsoft Teams integrates with SAP business applications

Microsoft and SAP announced they will accelerate the implementation of SAP S/4HANA on Azure and build new integrations between Teams and SAP S/4HANA, SAP SuccessFactors and SAP Customer Experience. Microsoft and SAP have been working to launch SAP business software and services on Azure since 2011.

These integrations are expected to be available to customers by mid-2021.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – October 2023

On the 10th of October 2023, SAP Security Patch Day saw the release of 6 new Security Notes. There were […]

Read more
SAP Security Notes – September 2023

On the 12th of September 2023, SAP Security Patch Day saw the release of 13 new Security Notes. There were […]

Read more
SAP Security Notes – August 2023

On the 8th of August 2023, SAP Security Patch Day saw the release of 15 new Security Notes. There were […]

Read more
SAP News Overview for July 2023

SAP Advisory Group speaks AI ethics Last month, the regular meeting of the SAP Advisory Group on the Ethics of Artificial […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more