SAP News Overview for January 2021 - Safe O'Clock

SAP News Overview for January 2021

February 10, 2021

SAP releases January 2021 security updates

SAP has released a total of 17 new and updated security notes. Five of them have the highest Hot News severity ratings. 

The first of the notes (CVE-2021-21465), SAP describes as Multiple vulnerabilities in SAP Business Warehouse (Database Interface). It requires minimal privileges to operate successfully. Incorrectly sanitizing the provided SQL commands would allow an attacker to execute arbitrary SQL commands on the database, which could result in a complete compromise of the affected system. SAP fixed the bug by disabling the function module, applying the patch will dump all applications calling this function module.

The second one relates to CVE-2021-21466, code injection in both the Business Warehouse and BW / 4HANA. The vulnerability could be exploited to inject malicious code that is permanently saved as a report and which could be executed subsequently, which could affect the confidentiality, integrity, and availability of systems. An attacker needs low privileges to exploit it.

The other three are updates to fixes previously released in April 2018 (Updates to Chrome Browser in Business Client – CVSS score 10), November 2020 (Privilege escalation in NetWeaver Application Server for Java – CVSS score 9.1), and December 2020 (Business Warehouse code injection – CVSS score 9.1).

An exploit for a critical bug in SAP SolMan is publicly available

The exploit is fully functional and targets CVE-2020-6207 vulnerability. By exploiting the vulnerability, an attacker can compromise all SMDAgents connected to SAP Solution Manager. A successful attack using a vulnerability can impact an organization’s cybersecurity, compromising critical data, SAP applications, and business processes.

An attacker who gains access to the SolMan platform can potentially compromise any business system connected to SolMan, gain access to confidential data, delete data, and assign superuser privileges to any new user.

Microsoft Teams integrates with SAP business applications

Microsoft and SAP announced they will accelerate the implementation of SAP S/4HANA on Azure and build new integrations between Teams and SAP S/4HANA, SAP SuccessFactors and SAP Customer Experience. Microsoft and SAP have been working to launch SAP business software and services on Azure since 2011.

These integrations are expected to be available to customers by mid-2021.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – May 2024

On the 14th of May 2024, SAP Security Patch Day saw the release of 14 new Security Notes. There were […]

Read more
SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more