SAP refused to disclose which CVEs were assigned to vulnerabilities reported by our researcher Mikhail Klyuchnikov, if any. Three subsequent letters remain unanswered. We believe the CVEs to be CVE-2021-33690 (CVSS 9.9) and CVE-2021-33691 (CVSS 6.9) in the August hotfix. Join the discussion on Twitter: https://twitter.com/ptswarm/status/1433070547399757824 422 views14:28