SAP News Overview for March 2021 – Security and Acquisition - Safe O'Clock

SAP News Overview for March 2021 – Security and Acquisition

April 6, 2021

SAP releases March 2021 security updates

Tuesday 9th March SAP released a total of 14 new and updated security notes. Four of them have the highest Hot News severity ratings. 

Two Hot News notes rated CVSS 10.0 are not as critical as they might seem:

One is an old well-known security note that has been updated regularly over the past months – Security updates for the browser control Google Chromium delivered with SAP Business Client (Note #2622660).

Missing Authentication Check in SAP Solution Manager (Note #2890213) has also been updated. It is recommended to implement this patch as soon as possible as the missing authorization check in SAP Solution Manager has been fixed.

The one of the discussed vulnerabilities with a CVSS rating of 9.9 out of 10 is SAP MII Code Injection Vulnerability (CVE-2021-21480). Versions 15.1, 15.2, 15.3, and 15.4 are affected. SAP MII is a Java-based SAP NetWeaver AS platform that provides real-time production monitoring and rich data analysis tools. The flaw stems from a SAP MII component called Self-Service Composition Environment (SSCE), which is used to design dashboards for real-time data analysis. These dashboards can be saved as a Java Server Pages (JSP) file. However, an attacker can remotely intercept a JSP request to the server, inject malicious code into it, and then forward it to the server.

Another SAP HotNews # 3022422, (CVE-2021-21481), with a CVSS score of 9.6, fixed missing authorization check in SAP NetWeaver AS Java Migration Service. Failure to verify authorization could allow an unauthorized attacker to gain administrative privileges. This can lead to a complete violation of the confidentiality, integrity and availability of the system.

SAP completes acquisition of Signavio 

The companies announced the deal in February and completed the deal in early March. SAP said the acquisition will be used to support a new business transformation solution that moves more systems to the cloud to make businesses more resilient. Signavio process control technology is a cloud-based solution. Signavio products become part of the SAP Business Process Analytics portfolio and complement the SAP End-to-End Process Transformation portfolio.

New SAP Fieldglass Assignment Management is available

SAP announced the general availability of a new SAP Fieldglass Assignment Management solution that enables organizations in resource-intensive industries (oil and gas, chemical, utilities) to manage the execution and accounting of day-to-day equipment maintenance activities performed by external workers. The new solution enables organizations to track and manage onsite contracting assignments, from an issued maintenance order and an approved individual or general purchase order to an automatically generated vendor invoice.

SAP and Accenture launch Sustainable Future accelerator program

SAP and Accenture are launching a global acceleration program focused on sustainability to enable 13 startups from different industries to improve their positive impact on both the industry and society. Sustainable Future is a zero-equity program aimed at promoting digital transformation and innovation for corporate startups in four focus areas, including carbon tracking and trading, resource efficiency, tracking and mitigating climate risks, and circular economy. Startups will receive curated mentoring, access to SAP technology and application programming interfaces (APIs), and interact with SAP and Accenture customers to develop compelling proofs of concept. The accelerator program will last three months and will conclude with a demo day on July 8, 2021.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more