German Software Maker SAP Released High Severity Vulnerabilities in NetWeaver | Cybers Guards

SAP also released nine new security notes, one for a low-severity bug in NetWeaver AS for JAVA and another for a medium-severity bug in CRM ABAP, NetWeaver AS ABAP and ABAP Platform, Lumira Server, Web Dispatcher and Internet Communication Manager, NetWeaver AS for Java (Enterprise Portal), Business Objects Web Intelligence (BI Launchpad), and 3D Visual Enterprise Viewer (Administrator). As a result, an attacker who can manipulate HTTP requests can exhaust system resources, resulting in a denial of service. The first is a denial of service (CVE-2021-33671, CVSS score of 7.6), while the second is a missing authorization check (CVE-2021-33671, CVSS score of 7.6). The vulnerability affects SAP NetWeaver Guided Procedures (SAP GP), a component of the Composite Application Framework (CAF) that allows users to access multiple backend systems based on their role. The two most severe vulnerabilities in NetWeaver are addressed in the most important of the new security notes. A third revised security note addresses a medium-severity potential XML External Entity (XXE) issue in SAP Process Integration (ESR Java Mappings). In addition, SAP updated two Hot News security notes: one for security updates for the Chromium browser in SAP Business Client (CVSS score of 10) and another for an improper authentication issue in NetWeaver ABAP Server and ABAP Platform (CVSS score of 9) that was first resolved in June 2021. The missing authorization was discovered in GP's central administration interface, and it could result in unauthorized data access and manipulation. The second flaw exists because HTTP requests are not adequately validated when monitoring data is stored in SAP NetWeaver AS for Java (Http Service) (CVE-2021-33670, CVSS score of 7.5).
