German enterprise software company SAP has rolled out 19 new and updated security notes, including notes for nine new vulnerabilities that have been rated high severity or critical.
The high-severity vulnerabilities patched by the company include an SSRF issue in NetWeaver Enterprise Portal and two cross-site scripting (XSS) flaws. Researchers at Onapsis – a firm that is dedicated to protecting business-critical applications – discovered the vulnerabilities.
CVE-2021-33698, an unrestricted file upload vulnerability affecting SAP Business One, is one of the critical vulnerabilities. According to Onapsis, an attacker can exploit the flaw to upload script files, implying that it could be used for arbitrary code execution.
To Read More: securityweek