
IT Security – security vulnerabilities for the month of July 2021


SAP

CVE-2021-27610 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

Base Score 9.0

Affected component: SAP NetWeaver ABAP Server and ABAP platform

The ABAP Server does not distinguish whether communication via RFC or HTTP takes place between application servers in the same SAP environment or with a server outside that environment. Attackers are therefore able to read credentials from internal communication. Multiple other attack scenarios are thus conceivable.

We recommend that you patch this vulnerability immediately!

Microsoft

CVE-2021-34527 / CVE-2021-34458 / CVE-2021-34450 / CVE-2021-34474 / CVE-2021-34494 – Remote Code Execution

Base Score 8.0 – 9.9

Affected components: Print Spooler, Windows DNS Server, Exchange Server, Hyper-V, Windows Kernel

There are multiple vulnerabilities in the above components that allow code to be executed over the network. The most significant of these is the well-known Print Spooler Nightmare vulnerability. We urgently recommend updating this.

The additional vulnerabilities in Windows DNS Server and Exchange Server should also be patched promptly.

For the other components, it will depend on the configuration that you are using. In general, we recommend downloading the current updates for these as well.

SUSE

SUSE-SU-2021:2105 – Security Update for salt

Base Score critical

Affected component: salt stack

There is a vulnerability in the salt stack that can be exploited.

If you are using the relevant component, please patch this vulnerability immediately.

Citrix

CVE-2021-22928 – Citrix Virtual Apps and Desktops Security Update

Base Score high

Affected component: Citrix Virtual Apps and Desktops

There is a security vulnerability in Citrix Virtual Apps and Desktops that allows a user of a Windows VDA on which Citrix Profile Management or the Citrix Profile Management WMI plugins are installed to gain greater rights.

If you are using this component, you should look at this issue.

If you have any questions or are not sure how to handle the security risks named above, don’t hesitate to contact us.

We will help you to be more secure!
