Skip to main content

SAP Releases June 2021 Security Updates

Scheduled updates for SAP products
Threat ID:
CC-3882
Threat Severity:
Information only
Published:
9 June 2021 11:12 AM
Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Affected platforms

The following platforms are known to be affected:
  • SAP 3D Visual Enterprise Viewer, Version: 9

  • SAP Business One, Version : 10.0

  • SAP Commerce, Versions: 1808, 1811, 1905, 2005, 2011

  • SAP Commerce Cloud, Version: 100

  • SAP Enable Now (SAP Workforce Performance Builder - Manager), Versions: 10.0, 1.0

  • SAP Fiori Apps 2.0 for Travel Management in SAP ERP, Version: 608

  • SAP Manufacturing Execution, Versions: 15.1, 1.5.2, 15.3, 15.4

  • SAP NetWeaver AS for JAVA, Versions: 7.20, 7.30, 7.31, 7.40, 7.50

  • SAP NetWeaver AS (Internet Graphics Server – Portwatcher), Versions: 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81

  • SAP NetWeaver AS ABAP and ABAP Platform, Versions: 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804

  • SAP NetWeaver AS for ABAP (RFC Gateway), Versions: KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83

  • SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT), Versions: 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755  

  • SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73

  • SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83

  • SAP NetWeaver AS for ABAP (Web Survey), Versions: 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F

  • SAP NetWeaver AS ABAP, Versions: KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, 7.84

  • SAP NetWeaver AS for Java (UserAdmin), Versions: 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

  • SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), Versions: SAP_UI – 750, 752, 753, 754, 755, SAP_BASIS – 702, 31

  • SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), Versions: KRNL64NUC - 7.49, KRNL64UC - 7.49, 7.53, KERNEL - 7.49, 7.53, 7.77, 7.81, 7.84

Threat details

Introduction

SAP has released security updates to address vulnerabilities affecting multiple SAP products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the SAP Security Notes for June 2021 and apply the necessary updates.

Last edited: 10 June 2021 12:21 pm