This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No Advisories for SAP Related Vulnerabilities

ayushkrones
By
Level 3

Hi All,

We don't see correct number of advisories related to SAP products in Flexera portal. There are multiple extremely critical advisories issues by SAP in past weeks but there is no information in Flexera.

Can we know the reason of this.

Attaching here the portal where all the SAP advisories are being issued along with the page of Flexera where no information available.

 

SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

 

‎Aug 19, 2021 04:18 AM

Preview file
96 KB
Preview file
108 KB
0 Kudos
(3) Replies

raslam
By Level 7 Flexeran
Level 7 Flexeran

Hello, 

We have investigated based on the information provided by you. Apparently, we have issued all advisories for the product which are available in our database. If any product is not available in our DB, we don't issue an advisory for that. 

Please note: If the product is not part of our vulnerability database, we encourage our customers to suggest the product via SVR > Research > Product Database > Suggest Software. Once a product will be added to the database, we don't issue advisory retroactivity; instead, the customer will receive the future advisories for that product. 

For example: 

CVE-2021-33698 CVE-2021-33700 CVE-2021-33704

SAP Business One version 10.x is not available in our product DB, and therefore we haven't issued an advisory. 

CVE-2021-33690 CVE-2021-33700

SA103633 ( Advisory issued)

CVE-2021-33701

DMIS Mobile Plug-In is not available in our product DB

SAP S/4HANA, we are still investigating and will get back to you. 

CVE-2021-33705 CVE-2021-33703 CVE-2021-33702

SA103567 ( Advisory issued)

CVE-2021-33699

SAP Fiori Client Native Mobile for Android is not available in our product DB

CVE-2021-33691 CVE-2021-33690

SA103633 ( Advisory issued)

CVE-2021-33695

SAP Cloud Connector, Version - 2.0 is not available in our product DB

CVE-2021-21473

SA102509 ( Advisory issued)

CVE-2021-33707

SA103634 ( Advisory issued)

CVE-2021-33697 CVE-2021-33696

SA103576 ( Advisory issued)

We hope this clarifies, and please make sure you have suggested the products via your SVR for future advisories. 

Regards,

Raheel 

‎Aug 19, 2021 09:10 AM - edited ‎Aug 19, 2021 09:22 AM

0 Kudos

ayushkrones
By
Level 3
In response to raslam

Hello Aslam,

I am not at all satisfied with the resolution you are giving.

It was very clear that if we want all advisories related to any product no matter which version then we need to choose "product" option and if we want advisories specific to the version then we can choose "product version" option. "SAP Business One" is very much known product in the market and as per you we need to keep informing you as soon as there is new version released if that is the case then what is your job to do. we spent huge amount of money in buying this service and you are offering the service which is freely available in the public forum.

Let us know how we can deal with this problem ?

‎Aug 26, 2021 01:24 PM

0 Kudos

bkelly
By
Flexera Alumni
In response to ayushkrones

I will reach out to you directly to discuss further.

‎Aug 30, 2021 03:01 PM

Top Kudoed Authors
View all