No Advisories for SAP Related Vulnerabilities

Hi All,

We don't see the correct number of advisories related to SAP products in the Flexera portal. There are multiple extremely critical advisories issued by SAP in the past weeks, but there is no information in Flexera.

Can we know the reason for this?

Attaching here the portal where all the SAP advisories are being issued, along with the page of Flexera where no information is available.

 

SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

 

(3) Replies
raslam (Level 7 Flexeran)

Hello, 

We have investigated based on the information provided by you. Apparently, we have issued all advisories for the products which are available in our database. If any product is not available in our DB, we don't issue an advisory for that.

Please note: If the product is not part of our vulnerability database, we encourage our customers to suggest the product via SVR > Research > Product Database > Suggest Software. Once a product is added to the database, we don't issue advisories retroactively; instead, the customer will receive the future advisories for that product.

For example: 

CVE-2021-33698, CVE-2021-33700, CVE-2021-33704: SAP Business One version 10.x is not available in our product DB, and therefore we haven't issued an advisory.

CVE-2021-33690, CVE-2021-33700: SA103633 (Advisory issued)

CVE-2021-33701: DMIS Mobile Plug-In is not available in our product DB

SAP S/4HANA, we are still investigating and will get back to you.

CVE-2021-33705, CVE-2021-33703, CVE-2021-33702: SA103567 (Advisory issued)

CVE-2021-33699: SAP Fiori Client Native Mobile for Android is not available in our product DB

CVE-2021-33691, CVE-2021-33690: SA103633 (Advisory issued)

CVE-2021-33695: SAP Cloud Connector, Version - 2.0 is not available in our product DB

CVE-2021-21473: SA102509 (Advisory issued)

CVE-2021-33707: SA103634 (Advisory issued)

CVE-2021-33697, CVE-2021-33696: SA103576 (Advisory issued)

We hope this clarifies, and please make sure you have suggested the products via your SVR for future advisories. 

Regards,

Raheel 

Hello Aslam,

I am not at all satisfied with the resolution you are giving.

It was very clear that if we want all advisories related to any product, no matter which version, then we need to choose the "product" option, and if we want advisories specific to the version, then we can choose the "product version" option. "SAP Business One" is a very well-known product in the market, and as per you we need to keep informing you as soon as a new version is released. If that is the case, then what is your job to do? We spent a huge amount of money buying this service, and you are offering a service which is freely available in the public forum.

Let us know how we can deal with this problem?

I will reach out to you directly to discuss further.