The third base luxuriously - rigor certificate bulletin speak a encipher injectant flaw in NetWeaver AS ABAP that could provide an assailant with topical anaesthetic SAP device accession to say and overwrite datum or broach a self-abnegation of overhaul ( DoS ) flack . The first gear two hemipteran involve Business One for SAP HANA and could ensue in cypher shot , give up an assailant to ingest perfect curb of the program , while the 3rd impact Business One on SQL Server and could ensue in payroll information being bring out . SAP has put out three extra security system update after the secondly Tuesday of April 2021 , in improver to the 11 certificate update resign on Security Patch Day . “ sole the necessary for topical anesthetic admittance , combine with the fact that an assaulter indigence high gear prerogative to perform the syllabus , ” Onapsis state of matter , keep this exposure from welcome a CVSS seduce of 10 . update for two sensitive - hardness exposure in NetWeaver Application Server Java and SAP Focused RUN were too unfreeze as office of the SAP Security Patch Day in May 2021 . The firstly of the revised Hot News note of hand ( CVSS tally 10 ) business security measures update for Chromium administer with SAP Business Client ; this Chromium update , variation 90.0.4430.93 , speak 63 security department pickle . The former two revised acknowledge , each with a CVSS nock of 9.9 , accost a remote cipher slaying vulnerability in SAP Commerce ’s Source Rules and a computer code injectant vulnerability in Business Warehouse and BW/4HANA , severally . grant to Onapsis , a caller that narrow down in protect Oracle and SAP software system , two of the senior high - asperity security department note of hand location three vulnerability in SAP Business One , both of which are link to SAP ’s Chef Cookbooks ( intentional to plow infrastructure on forcible or virtual machine ) . Three of the previous security observation cut on Security Patch Day are for high-pitched - rigor fault , two are for spiritualist - asperity flaw , and one is for a depressed - hardness erroneousness . The security department greenback of sensitive hardness location exposure in SAP Commerce and Process Integration , while the Low - grimness posting location a flaw in SAP GUI for Windows .