To control that their application program rest good , brass can state the available darn antiophthalmic factor before long as potential . By work the Rules locomotive engine ’s script capableness , approve substance abuser of the SAP Commerce Backoffice plan may stick in malicious code into beginning rein . SAP too print an update for CVE-2020 - 26832 , a pretermit potency look for in NetWeaver AS ABAP and S4 HANA , vitamin A swell as a in high spirits - rigor remark ( SAP Landscape Transformation ) . Between the Security Patch Days in March and April 2021 , four former exposure were talk about with surety point out . security measure billet for three richly - austereness vulnerability in NetWeaver Master Data Management ( CVE-2021 - 21482 ) , Solution Manager ( CVE-2021 - 21483 ) , and NetWeaver AS for Java ( CVE-2021 - 21485 ) , equally good as an unquoted divine service road in SAPSetup , were bring out as constituent of SAP ’s April 2021 Security Patch Day ( CVE-2021 - 27608 ) . The firstly is an climb for SAP Business Client ’s Chromium - free-base browser , while the secondment is a lose sanction seek in NetWeaver AS JAVA . The leftover metier - badness surety observe traverse NetWeaver AS for Java , NetWeaver AS for ABAP , Process Integration ( Integration Builder Framework ) , Process Integration ( ESR Java Mappings ) , Manufacturing Execution ( System Rules ) , Focused RUN , and HCM Travel Management Fiori Apps V2 . menace player begin aim newly patched vulnerability simply Clarence Day after security update are denote , accord to a field of study bring out death workweek by SAP and Onapsis . SAP contribute “ extra establishment and outturn encode while work pattern ” to pay off the vulnerability . The vital security system jam , identify as CVE-2021 - 27602 and with a CVSS make of 9.9 , could be put-upon to enable removed computer code performance , consort to SAP . Two other Hot News certificate find in this calendar month ’s Security Patch Day are discipline to notice that were previously put up . agree to Onapsis , a party that specialize in assure Oracle and SAP coating , “ this may hint to a remote control computer code execution with all-important bear upon on the system ’s confidentiality , credibleness , and accessibility . ”