SAP Commerce Patched Another Critical Vulnerability - Cybers Guards

The critical security fix, tracked as CVE-2021-27602 and with a CVSS score of 9.9, could be exploited to enable remote code execution, according to SAP. By abusing the Rules engine’s scripting capabilities, authorized users of the SAP Commerce Backoffice application may inject malicious code into source rules. According to Onapsis, a company that specializes in securing Oracle and SAP applications, “this may lead to a remote code execution with critical impact on the system’s confidentiality, integrity, and availability.” SAP added “additional validation and output encoding while processing rules” to fix the vulnerability.

Two other Hot News security notes in this month’s Security Patch Day are updates to notes that were previously released. The first is an upgrade for SAP Business Client’s Chromium-based browser, while the second is a missing authorization check in NetWeaver AS JAVA.

Security notes for three high-severity vulnerabilities in NetWeaver Master Data Management (CVE-2021-21482), Solution Manager (CVE-2021-21483), and NetWeaver AS for Java (CVE-2021-21485), as well as an unquoted service path in SAPSetup (CVE-2021-27608), were released as part of SAP’s April 2021 Security Patch Day. SAP also released an update for CVE-2020-26832, a missing authorization check in NetWeaver AS ABAP and S4 HANA, as well as a high-severity note (SAP Landscape Transformation).

The remaining medium-severity security notes cover NetWeaver AS for Java, NetWeaver AS for ABAP, Process Integration (Integration Builder Framework), Process Integration (ESR Java Mappings), Manufacturing Execution (System Rules), Focused RUN, and HCM Travel Management Fiori Apps V2. Between the Security Patch Days in March and April 2021, four other vulnerabilities were addressed with security notes.

To ensure that their applications remain secure, organizations should apply the available patches as soon as possible. Threat actors start targeting newly patched vulnerabilities just days after security updates are announced, according to a study published last week by SAP and Onapsis.
