Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Multiple Vulnerabilities in SAP Products

11 August 2021

SAP has released security patches to address several vulnerabilities in their products. They are listed in the table below.

A few of the vulnerabilities have been classified as high in severity. Administrators of affected products are advised to prioritise the patching of these vulnerabilities.

List of Vulnerabilities

CVE Number

CVE Name

Base Score

CVE-2021-33698

Unrestricted File Upload vulnerability in SAP Business One

 9.9

CVE-2021-33690   

Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)

 9.9

CVE-2021-33701

SQL Injection vulnerability in SAP NZDT Row Count Reconciliation

 9.1

CVE-2021-33705

Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal

 8.1

CVE-2021-33700

Missing Authentication check in SAP Business One

 7

CVE-2021-33691

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)

 6.9

CVE-2021-33695

Multiple Vulnerabilities in SAP Cloud Connector

 6.8

CVE-2021-33704

Missing Authorisation Check in SAP Business One (Service Layer)

 6.3

CVE-2021-21473

Missing Authorisation check in SAP NetWeaver AS ABAP and ABAP Platform

 6.3

CVE-2021-33696

Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)

 5.4

CVE-2021-33697

Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)

 4.7

For the full list of security patches released by SAP, please refer to:
https://wiki.scn.sap.com/wiki/plugins/servlet/mobile?contentId=582222806#content/view/582222806

Back to top