SAP releases July 2021 security updates
On Tuesday 13th June, SAP released a total of 12 new and 3 updated security notes. Two of them have the highest Hot News severity ratings.
The vulnerability with the highest CVSS is patched with the newest SAP Business Client update provided with HotNews Note #2622660. This note receives updates on a monthly basis and is to be reviewed regularly.
The second vulnerability [CVE-2021-27610] – SAP Security HotNews Note #3007182 with a CVSS score of 9.0 includes a minor update on a vulnerability that was initially fixed on June’s Patch Day. SAP has added an additional SP Stack Kernel version to the support packages section.
In July, a serious CVSS 7.6 security vulnerability [CVE-2021-33671] related to lack of authorization in SAP NetWeaver Managed Procedures (SAP GP) was fixed (SAP Security Note # 3059446). A missing authorization vulnerability was discovered in the SAP GP administration working set component. It is a centralized administration tool for the GP and allows it to perform a wide variety of actions. Failure to verify authorization may result in unauthorized reading, modification, or deletion of data. If you are not using managed procedures, the note suggests disabling this feature in the Java System Properties as a workaround.
The second high-priority note, SAP Security Note # 3056652, has a CVSS rating of 7.5. The vulnerability [CVE-2021-33670] affects SAP NetWeaver AS for Java (HTTP Service) and exists because HTTP requests are not properly validated when saving monitoring data. Thus, an attacker capable of manipulating HTTP requests could exhaust system resources, causing a denial of service condition.
Google and SAP will collaborate on cloud technology
Google Cloud and SAP announced an expanded strategic partnership. Google Cloud joins ‘RISE with SAP’ program, expands the availability of SAP services available on Google Cloud. As part of the partnership, SAP RISE customers will be able to use Google Cloud services, including artificial intelligence and machine learning. Now SAP is developing the idea of a modular cloud ERP and extending RISE modules for human experience management, analytics, and governments.
“Our focus on industries is AI, big data, and ML. SAP is focused on processes. We can add value and augment some of those processes,” said Rob Enslin, president of Google Cloud Sales. “BigQuery and SAP HANA are very complementary.” The partnership will enable customers to seamlessly migrate their most critical business processes and applications to the cloud, he added.
IBM and SAP move financial institutions to hybrid cloud
SAP will offer financial and data management tools in IBM Cloud for Financial Services as part of its collaborative effort to move industries to a hybrid cloud.
With SAP on IBM Cloud for Financial Services, financial institutions and their partners, in particular, will be able to access the SAP intelligence suite, including SAP S / 4HANA tools, as well as data management tools such as SAP Adaptive Server Enterprise and SAP IQ software.
IBM and SAP are already collaborating and helped hundreds of companies digitize their operations using hybrid cloud environments. Expanding this partnership to serve financial companies is a logical step given the stringent industry requirements for compliance, security, and resiliency.