Hi All,
We don't see the correct number of advisories related to SAP products in the Flexera portal. There are multiple extremely critical advisories issued by SAP in the past weeks, but there is no information in Flexera.
Can we know the reason for this?
Attaching here the portal where all the SAP advisories are being issued, along with the Flexera page where no information is available.
SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki
Aug 19, 2021 04:18 AM
Hello,
We have investigated based on the information provided by you. Apparently, we have issued all advisories for the product which are available in our database. If any product is not available in our DB, we don't issue an advisory for that.
Please note: If the product is not part of our vulnerability database, we encourage our customers to suggest the product via SVR > Research > Product Database > Suggest Software. Once a product is added to the database, we don't issue advisories retroactively; instead, the customer will receive the future advisories for that product.
For example:
CVE-2021-33698 CVE-2021-33700 CVE-2021-33704
SAP Business One version 10.x is not available in our product DB, and therefore we haven't issued an advisory.
CVE-2021-33690 CVE-2021-33700
SA103633 (Advisory issued)
CVE-2021-33701
DMIS Mobile Plug-In is not available in our product DB
SAP S/4HANA, we are still investigating and will get back to you.
CVE-2021-33705 CVE-2021-33703 CVE-2021-33702
SA103567 (Advisory issued)
CVE-2021-33699
SAP Fiori Client Native Mobile for Android is not available in our product DB
CVE-2021-33691 CVE-2021-33690
SA103633 (Advisory issued)
CVE-2021-33695
SAP Cloud Connector, Version - 2.0 is not available in our product DB
CVE-2021-21473
SA102509 (Advisory issued)
CVE-2021-33707
SA103634 (Advisory issued)
CVE-2021-33697 CVE-2021-33696
SA103576 (Advisory issued)
We hope this clarifies, and please make sure you have suggested the products via your SVR for future advisories.
Regards,
Raheel
Aug 19, 2021 09:10 AM - edited Aug 19, 2021 09:22 AM
Hello Aslam,
I am not at all satisfied with the resolution you are giving.
It was very clear that if we want all advisories related to any product, no matter which version, then we need to choose the "product" option, and if we want advisories specific to the version then we can choose the "product version" option. "SAP Business One" is a very much known product in the market, and as per you we need to keep informing you as soon as there is a new version released. If that is the case, then what is your job to do? We spent a huge amount of money in buying this service, and you are offering a service which is freely available in the public forum.
Let us know how we can deal with this problem?
Aug 26, 2021 01:24 PM
I will reach out to you directly to discuss further.
Aug 30, 2021 03:01 PM