Skip to main content

SAP Releases June 2021 Security Updates

Threat ID:
CC-3882
Threat Severity:
Information only
Published:
9 June 2021 11:12 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

SAP 3D Visual Enterprise Viewer, Version: 9

SAP Business One, Version : 10.0

SAP Commerce, Versions: 1808, 1811, 1905, 2005, 2011

SAP Commerce Cloud, Version: 100

SAP Enable Now (SAP Workforce Performance Builder - Manager), Versions: 10.0, 1.0

SAP Fiori Apps 2.0 for Travel Management in SAP ERP, Version: 608

SAP Manufacturing Execution, Versions: 15.1, 1.5.2, 15.3, 15.4

SAP NetWeaver AS for JAVA, Versions: 7.20, 7.30, 7.31, 7.40, 7.50

SAP NetWeaver AS (Internet Graphics Server – Portwatcher), Versions: 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81

SAP NetWeaver AS ABAP and ABAP Platform, Versions: 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804

SAP NetWeaver AS for ABAP (RFC Gateway), Versions: KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83

SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT), Versions: 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755  

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83

SAP NetWeaver AS for ABAP (Web Survey), Versions: 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F

SAP NetWeaver AS ABAP, Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, 7.84

SAP NetWeaver AS for Java (UserAdmin), Versions: 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), Versions: SAP_UI – 750, 752, 753, 754, 755, SAP_BASIS – 702, 31

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), Versions: KRNL64NUC - 7.49, KRNL64UC - 7.49, 7.53, KERNEL - 7.49, 7.53, 7.77, 7.81, 7.84

Threat details

Introduction

SAP has released security updates to address vulnerabilities affecting multiple SAP products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the SAP Security Notes for June 2021 and apply the necessary updates.

Last edited: 10 June 2021 1:21 pm