SAP News Overview for May 2021 - Safe O'Clock


June 7, 2021

SAP releases May 2021 security updates

On Tuesday, 11th May, SAP released a total of 6 new and 5 updated security notes. Three of them carry the highest severity rating, Hot News.

The three Hot News security notes are updates to previously released notes. 

The first is an update to the security note released on the August 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client. The vulnerability affects SAP Business Client version 6.5 and received a critical CVSS score of 10.

Two other updated notes with a CVSS score of 9.9 fix a Remote Code Execution vulnerability in Source Rules of SAP Commerce and a code injection vulnerability in Business Warehouse and BW/4HANA, respectively.

Three of the new security notes are high severity. 

Two of them, [CVE-2021-27616] and [CVE-2021-27613], fix three vulnerabilities in SAP Business One. The first two flaws affect Business One for SAP HANA and can lead to code injection, allowing an attacker to take full control of the application, while the third affects Business One on SQL Server and could lead to salary disclosure.

The third high severity security note [CVE-2021-27611] addresses a code injection in NetWeaver AS ABAP that could allow an attacker with access to the local SAP system to read and overwrite data or launch a denial of service (DoS) attack.

New platform for SAP cloud services in Australia

SAP Critical Data Cloud is a new platform for SAP cloud services in Australia and New Zealand, designed to protect mission-critical business applications in government and highly regulated industries such as utilities, healthcare and financial services. The launch of the platform is scheduled for the second half of 2021. The new platform supports secure integration with other systems such as public cloud and specialized applications.

According to SAP, the new platform is “a significant investment recognising the increased focus on improving whole-of-economy cybersecurity. The hardened platform provides customers the full functionality of SAP’s multi-tenanted cloud applications.”

Critical SAP applications under attack

Attackers are actively exploiting 6 vulnerabilities in mission-critical SAP applications. Exploitation of these vulnerabilities can lead to sensitive data theft, financial fraud, disruption of service, and even the injection of malware, including ransomware, into an application. Between mid-2020 and April 2021, over 300 successful attacks exploiting the flaws were recorded.

On April 6, 2021, SAP released an attack risk warning for organizations using SAP systems. The patches were released following a warning. Those who have not applied the patches are strongly advised to do so as soon as possible.
