SAP News Overview for September 2021 - SAP and Amazon Business Expand Buyer Choice, Security updates - Safe O'Clock

SAP News Overview for September 2021 – SAP and Amazon Business Expand Buyer Choice, Security updates

October 15, 2021

SAP and Amazon Business Collaborate to Expand Buyer Choice

SAP announced a partnership with Amazon Business to expand the product range for its staff.

Integration of Amazon Business with SAP Ariba sourcing and sales solutions will simplify the process of purchasing products that various businesses need. Users in the US will be the first to see the integration options later this year.

“Customers want choices, and SAP is continually evaluating and onboarding new content sources for our Spot Buy capability to provide the most value to them.” said Tony Harris, global vice president, Business Network solutions, SAP.


SAP releases September 2021 security updates

On Tuesday 14th September, SAP released a total of 19 new and updated security notes. Seven of them have the highest Hot News severity ratings.

The largest number of notes were released this month for SAP Business One – 5 notes, and 2 notes were released for SAP Business Client. 

SAP recommended to update the SAP Business Client as Google updated the Chromium Engine – the April 2018 security note #2622660 with a CVSS rating of 10.

The most important fix is critical vulnerability [CVE-2021-37535] (Missing Authorization check in SAP NetWeaver Application Server for Java). An authenticated user could abuse functionality restricted to a different user group or read, modify or delete data.

Another vulnerability [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework also has a CVSS rating of 9.9. An authenticated user with certain privileges can call NZDT function modules to execute a query to gain access to the backend database. 

[CVE-2021-38163] – Unrestricted File Upload vulnerability in SAP NetWeaver with a CVSS rating of 9.9. Users without administrator rights can upload files and execute operating system commands on the server with the rights of a Java server process. As a result, the data can be viewed and modified.

[CVE-2021-37531] – Unwanted operating system commands can also be executed in the SAP portal if specially prepared XSL stylesheet files are submitted to SAP NetWeaver Knowledge Management starting with version 7.10 (CVSS score 9.9 / 10).

It is necessary to pay attention to the vulnerabilities in SAP Contact Center 7.0, which also received a CVSS rating of 9.6 out of 10 due to the injection of operating system commands. Note #3073891, [CVE-2021-33672].


Infosys and SAP collaboration

Infosys announced a strategic partnership with SAP to deliver Business Process Transformation as a Service. As part of this collaboration, Infosys will use SAP Business Process Analytics (BPI) to identify opportunities and barriers to transformation and create a roadmap for customers. Infosys BPTaaS will augment RISE with SAP offering to reduce complexity and accelerate value realization.

As part of the collaboration, Infosys plans to bring BPI to the center of its process transformation offerings using its accelerators and methodologies.


You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more