SAP Security Patch Day – November 2021

This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape.

On 9th of November 2021, SAP Security Patch Day saw the release of 5 Security Notes. There were 2 updates to previously released Patch Day Security Notes.

List of security notes released on November Patch Day:

| Note# | Title | Product, Versions | Priority | CVSS |
|---|---|---|---|---|
| 3099776 | [CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel | SAP ABAP Platform Kernel, Versions - 7.77, 7.81, 7.85, 7.86 | Hot News | 9.6 |
| 3110328 | [CVE-2021-40502] Missing Authorization check in SAP Commerce | SAP Commerce, Versions - 2105.3, 2011.13, 2005.18, 1905.34 | High | 8.3 |
| 2971638 | Update to Security Note released on October 2020 Patch Day: [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run), Versions - 9.7, 10.1, 10.5, 10.7 | High | 7.5 |
| 3080106 | [CVE-2021-40503] Information Disclosure in SAP GUI for Windows | SAP GUI for Windows, Versions - < 7.60 PL13, 7.70 PL4 | Medium | 6.8 |
| 3104456 | [CVE-2021-42062] Missing Authorization check in SAP ERP HCM | SAP ERP HCM Portugal, Versions - 600, 604, 608 | Medium | 6.5 |
| 3068582 | Update to Security Note released on September 2021 Patch Day: [CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR | SAP ERP Financial Accounting (RFOPENPOSTING_FR), Versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105 | Medium | 5.4 |
| 3105728 | [CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform | SAP NetWeaver AS for ABAP and ABAP Platform, Versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | Medium | 4.9 |



[Figure: Vulnerability Type Distribution - November 2021]

# Multiple vulnerabilities on the same product can be fixed by one security note.

[Figure: Security Notes vs Priority Distribution (June – November 2021)**]

* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in the SAP Support Portal.

** Any Patch Day Security Note released after the second Tuesday will be accounted for in the following SAP Security Patch Day.


Customers who would like to take a look at all Security Notes published or updated after October 12, 2021, can go to Launchpad Expert Search → Filter 'SAP Security Notes' released between 'October 13, 2021 - November 9, 2021' → Go.

To learn more about the security researchers and research companies who contributed to this month's security patches, visit the SAP Product Security Response Acknowledgement Page.

Do write to us at secure@sap.com with all your comments and feedback on this blog post.

SAP Product Security Response Team
