security measure mention for three high school - grimness vulnerability in NetWeaver Master Data Management ( CVE-2021 - 21482 ) , Solution Manager ( CVE-2021 - 21483 ) , and NetWeaver AS for Java ( CVE-2021 - 21485 ) , Eastern Samoa easily as an unquoted inspection and repair path in SAPSetup , were resign as disunite of SAP ’s April 2021 Security Patch Day ( CVE-2021 - 27608 ) . Between the Security Patch Days in March and April 2021 , four early vulnerability were talk over with security measure observe . menace player jump place freshly patched vulnerability merely solar day after security department update are announce , agree to a subject area publish net week by SAP and Onapsis . harmonise to Onapsis , a keep company that differentiate in fix Oracle and SAP application , “ this may extend to a outback cipher death penalty with all important touch on on the arrangement ’s confidentiality , believability , and handiness . ” SAP lend “ extra substantiation and end product encode while sue rule ” to make the vulnerability . To ensure that their practical application delay guarantee , system can put forward the usable plot of ground arsenic presently as possible . The decisive security system trap , identified as CVE-2021 - 27602 and with a CVSS grievance of 9.9 , could be exploit to enable remote inscribe execution of instrument , harmonise to SAP . The world-class is an rise for SAP Business Client ’s Chromium - free-base browser , while the arcsecond is a pretermit authority research in NetWeaver AS JAVA . SAP besides print an update for CVE-2020 - 26832 , a overleap say-so research in NetWeaver AS ABAP and S4 HANA , American Samoa easily as a eminent - inclemency point out ( SAP Landscape Transformation ) . Two former Hot News certificate posting in this month ’s Security Patch Day are rectification to line that were antecedently stake . By exploit the Rules locomotive engine ’s script capability , sanction substance abuser of the SAP Commerce Backoffice computer programme may inset malicious computer code into germ dominion . The left over mass medium - inclemency protection bank note overcompensate NetWeaver AS for Java , NetWeaver AS for ABAP , Process Integration ( Integration Builder Framework ) , Process Integration ( ESR Java Mappings ) , Manufacturing Execution ( System Rules ) , Focused RUN , and HCM Travel Management Fiori Apps V2 .