
IT Security – security vulnerabilities for the month of July 2021

Security vulnerabilities for the month of July 2021:

SAP

CVE-2021-27610 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

Base Score 9.0

Affected component: SAP NetWeaver ABAP Server and ABAP platform

The ABAP Server does not differentiate between RFC or HTTP communication that takes place between application servers within the same SAP environment and communication with a server outside the environment. Attackers are therefore able to read credentials from internal communication, and multiple other attack scenarios are conceivable.

We recommend that you patch this vulnerability immediately!

Microsoft

CVE-2021-34527 / CVE-2021-34458 / CVE-2021-34450 / CVE-2021-34474 / CVE-2021-34494 – Remote Code Execution

Base Score 8.0 – 9.9

Affected components: Print Spooler, Windows DNS Server, Exchange Server, Hyper-V, Windows Kernel

There are multiple vulnerabilities in the above components that allow code to be executed over the network. The most significant of these is the well-known PrintNightmare vulnerability in the Print Spooler. We urgently recommend installing the update for it.

The additional vulnerabilities in Windows DNS Server and Exchange Server should also be patched promptly.

For the other components, the urgency depends on the configuration you are using. In general, we recommend installing the current updates for these as well.

SUSE

SUSE-SU-2021:2105 – Security Update for salt

Base Score critical

Affected component: salt stack

There is a vulnerability in the salt stack that can be exploited.

If you are using the relevant component, please patch this vulnerability immediately.

Citrix

CVE-2021-22928 – Citrix Virtual Apps and Desktops Security Update

Base Score high

Affected component: Citrix Virtual Apps and Desktops

There is a security vulnerability in Citrix Virtual Apps and Desktops that allows a user of a Windows VDA with Citrix Profile Management or the Citrix Profile Management WMI plugin installed to gain greater rights.

If you are using this component, you should look at this issue.

If you have any questions or are not sure how to handle the security risks named above, don’t hesitate to contact us.

We will help you to be more secure!
