Site icon The Cybersecurity Daily News

SAP NetWeaver and other critical vulnerabilities security patches released by SAP

SAP NetWeaver

CyberDaily: Cybersecurity news

In its latest security updates, tech giant SAP released nine security patches including fixes for SAP NetWeaver and two other newly detected vulnerabilities.

The SAP MII Vulnerability:

One of them is a vulnerability found in the SAP Manufacturing Integration and Intelligence(MII) application. This was a critical code injection vulnerability, tracked as CVE-2021-21480, that gained a near-maximum severity CVSS grade of 9.9. 

SAP MII is an application for coordinating manufacturing operations with back-office business processes and standardized data.

It also provides analytics and workflow tools for determining issues in the production process and helps to enhance its performance.

The SAP NetWeaver vulnerability:

The other vulnerability is one in the SAP NetWeaver application which is a software stack for many of SAP SE’s applications.

A lacking administrative authorization check in the SAP NetWeaver has eared a similar critical rating on the CVSS score of 9.6. This vulnerability is tracked as  CVE-2021-21481.

The SAP HANA vulnerability:

Perhaps, a vulnerability in the SAP HANA LDAP is one of the most remarkable barring the aforementioned.

SAP HANA is an in-memory, column-guided, relational database management system whose primary function is to store and retrieve data as requested by the applications.

Also read,

This seemingly severe vulnerability, tracked as CVE-2021-21484, is a prospective authentication bypass vulnerability that could have implemented the illegal circumvention of the application.

The vulnerability results in the bypassing of the LDAP authentication in the HANA Database version 2.0 if the attached LDAP directory server has enabled unattested link configuration.

Other security updates screen less stringent vulnerabilities in SAP’s enterprise software packages.

Exit mobile version