The two most serious vulnerabilities in NetWeaver are addressed in the most important of the new security notes. The first is a missing authorization check (CVE-2021-33671, CVSS score of 7.6), while the second is a denial of service (CVE-2021-33670, CVSS score of 7.5).

The first vulnerability impacts SAP NetWeaver Guided Procedures (SAP GP), a component of the Composite Application Framework (CAF) that allows users to access multiple backend systems based on their role. The missing authorization check was found in GP's central administration user interface, and it could result in unauthorized data access and use.

The second flaw exists because HTTP requests are not adequately validated when monitoring data is saved in SAP NetWeaver AS for Java (Http Service). As a result, an attacker who can manipulate HTTP requests can consume system resources, leading to a denial of service.

SAP also released nine new security notes, one for a low-severity bug in NetWeaver AS for Java and another for a medium-severity bug in CRM ABAP, NetWeaver AS ABAP and ABAP Platform, Lumira Server, Web Dispatcher and Internet Communication Manager, NetWeaver AS for Java (Enterprise Portal), Business Objects Web Intelligence (BI Launchpad), and 3D Visual Enterprise Viewer (Administrator).

In addition, SAP updated two Hot News security notes: one for security updates for the Chromium web browser in SAP Business Client (CVSS score of 10) and another for an improper authentication issue in NetWeaver ABAP Server and ABAP Platform (CVSS score of 9) that was first resolved in June 2021. A third revised security note, in SAP Process Integration, addresses a medium-severity potential XML External Entity (XXE) issue (ESR Java Mappings).
German Software Maker SAP Released High Severity Vulnerabilities in NetWeaver (Cybers Guards)