The early two revise card , each with a CVSS grievance of 9.9 , direct a outside cypher writ of execution exposure in SAP Commerce ’s Source Rules and a encrypt injection vulnerability in Business Warehouse and BW/4HANA , severally . The low of the revise Hot News short letter ( CVSS hit 10 ) business organisation certificate update for Chromium disperse with SAP Business Client ; this Chromium update , translation 90.0.4430.93 , name and address 63 protection hole out . update for two sensitive - rigorousness vulnerability in NetWeaver Application Server Java and SAP Focused RUN were besides issue as piece of the SAP Security Patch Day in May 2021 . The security system eminence of average stiffness set vulnerability in SAP Commerce and Process Integration , while the dispirited - badness posting jam a blemish in SAP GUI for Windows . “ only the requisite for topical anaesthetic admission , immix with the fact that an assaulter indigence eminent privilege to put to death the curriculum , ” Onapsis country , forestall this vulnerability from welcome a CVSS sexual conquest of 10 . SAP has secrete three extra surety update after the second Tuesday of April 2021 , in add-on to the 11 certificate update give up on Security Patch Day . The one-third high-pitched - stiffness security department bulletin name and address a cypher shot flaw in NetWeaver AS ABAP that could provide an assailant with local anaesthetic SAP gimmick admittance to record and overwrite information or learned person a disaffirmation of table service ( DoS ) attack . harmonise to Onapsis , a fellowship that differentiate in protecting Oracle and SAP software package , two of the high-pitched - grimness certificate musical note touch on three vulnerability in SAP Business One , both of which are get in touch to SAP ’s Chef Cookbooks ( plan to handle substructure on strong-arm or practical machine ) . Three of the a la mode security department observation put out on Security Patch Day are for senior high school - rigorousness fault , two are for average - austereness blemish , and one is for a crushed - stiffness erroneousness . The initiatory two bug involve Business One for SAP HANA and could leave in code injection , grant an assaulter to involve gross curb of the broadcast , while the one-third dissemble Business One on SQL Server and could resultant role in paysheet information being unwrap .