SAP Security Patch Day – November 2021
November has come and the days in Germany are getting shorter and colder. No reason for the SAP Security and Response team not to continue their monthly patching practice! Looking at today’s publication of SAP Security Patch Day, we luckily find only 1 Hot News and 2 High priority corrections.
The month of November 2021 has seen a total of 7 published Security Patches by the SAP Security Response team. Regular visitors of our Dashboard know that this is only half the number of notes we see on average.
This is good news for all SAP customers that execute regular patching to eliminate known vulnerabilities within the SAP product portfolio. Reviewing, validating and applying monthly SAP security corrections can be a tedious task. A low number of SAP patches published in November does reduce manual efforts. Any time gained can be invested into other security-relevant areas such as custom code security or hardening of the SAP environement.
A specific highlight of the November SAP Security Patch Day is the correction in Note 3099776. The patch resolves a severe vulnerability in the trusting RFC technology stack that allows an attacker to gain elevated rights. Customers need to upgrade their Kernel version to resolve the issue. The SAP team also recommends making use of the suggested Update Strategy for the Kernel of the Application Server ABAP in On-Premise Landscapes.
Summary by Severity
The November release contains a total of 7 patches for the following severities: