Skip to main content

SAP Releases April 2021 Security Updates

Threat ID:
CC-3821
Threat Severity:
Information only
Published:
14 April 2021 12:00 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

SAP Business Client, Version: 6.5

SAP Commerce, Versions: 1808, 1811, 1905, 2005, 2011

SAP NetWeaver AS JAVA (MigrationService), Versions: 7.10, 7.11, 7.30, 7.31, 7.40, 7.50

SAP NetWeaver Master Data Management, Versions : 710, 710.750

SAP Solution Manager Version: 7.20

SAP NetWeaver AS ABAP (SAP Landscape Transformation - DMIS) Versions: 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020

SAP S4 HANA (SAP Landscape Transformation) Versions: 101, 102, 103, 104, 105 

SAP Setup Version: 9.0

SAP NetWeaver AS for JAVA (Telnet Commands) Versions: ENGINEAPI - 7.30, 7.31, 7.40, 7.50, ESP_FRAMEWORK - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SERVERCORE - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, J2EE-FRMW - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50

SAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet) Versions: 7.31, 7.40, 7.50

SAP NetWeaver AS for ABAP Versions: 7.30, 7.31, 7.40, 7.50

SAP Process Integration (Integration Builder Framework) Versions: 7.10, 7.30, 7.31, 7.40, 7.50

SAP Process Integration (Enterprise Service Repository JAVA Mappings) Versions: 7.10, 7.20, 7.30, 7.31, 7.40, 7.50

SAP Manufacturing Execution (System Rules) Versions: 15.1, 15.2, 15.3, 15.4

SAP NetWeaver AS for Java (Applications based on HTMLB for Java) Version: - EP-BASIS - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, FRAMEWORK-EXT - 7.30, 7.31, 7.40, 7.50, FRAMEWORK - 7.10, 7.11

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) Versions: 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50

SAP Focused RUN Versions: 200, 300

SAP NetWeaver AS for JAVA (HTTP Service) Versions: 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 

SAP Fiori Apps 2.0 for Travel Management in SAP ERP Version: 608

Threat details

Introduction

SAP has released security updates to address vulnerabilities affecting multiple SAP products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Organisations are encouraged to review the SAP Security Notes for April 2021 and apply the necessary updates.

Last edited: 14 April 2021 4:09 pm