Security vulnerabilities for the month of July 2021:
SAP
CVE-2021-27610 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
Base Score 9.0
Affected component: SAP NetWeaver ABAP Server and ABAP platform
The ABAP Server does not differentiate whether communication via RFC or HTTP is taking place between application servers within the same SAP environment or with a server outside the environment. Attackers are therefore able to read credentials from internal communication. Multiple other attack scenarios are thus conceivable.
We recommend that you patch this vulnerability immediately!
Microsoft
CVE-2021-34527 / CVE-2021-34458 / CVE-2021-34450 / CVE-2021-34474 / CVE-2021-34494 – Remote Code Execution
Base Score 8.0 – 9.9
Affected components: Print Spooler, Windows DNS Server, Exchange Server, Hyper-V, Windows Kernel
There are multiple vulnerabilities in the above components that allow code to be run over the network. The most significant of these is the well-known Print Spooler vulnerability PrintNightmare. We urgently recommend updating this.
The additional vulnerabilities in Windows DNS Server and Exchange Server should also be patched promptly.
For the other components, it depends on the configuration you are using. In general, we recommend downloading the current updates in these cases as well.
SUSE
SUSE-SU-2021:2105 – Security Update for salt
Base Score critical
Affected component: salt stack
There is a vulnerability in the salt stack that can be exploited.
If you use the relevant component, please patch this vulnerability immediately.
Citrix
CVE-2021-22928 – Citrix Virtual Apps and Desktops Security Update
Base Score high
Affected component: Citrix Virtual Apps and Desktops
There is a security vulnerability in Citrix Virtual Apps and Desktops that allows a user of a Windows VDA with Citrix Profile Management or the Citrix Profile Management WMI plugin installed to gain elevated rights.
If you are using this component, you should look at this issue.
If you have any questions or are not sure how to handle the security risks named above, don’t hesitate to contact us.
We will help you to be more secure!