Today SAP published 13 Security Notes, two of which were tagged as ‘Hot News’ items. These two bugs were discovered a few months ago by the Onapsis Research Labs and represents the most critical updates to patch in order to properly protect your SAP Systems.
Yesterday, Oracle released its quarterly Critical Patch Update (CPU) to provide customers with detailed information about the latest vulnerabilities affecting Oracle business critical applications. This post will help Oracle customers better understand and prioritize the implementation of patches and testing of vulnerabilities on these systems within their organization.
In this CPU, Oracle published 253 patches which affect 76 different Oracle products. We will analyze the Critical Patch Update and then will focus on the Oracle E-Business Suite vulnerabilities.
Today, SAP released their monthly security notes. This month, there are 23 new SAP notes that contain new switchable authorization checks in RFC, and 7 SAP notes for missing authorization checks. This month’s security notes also includes 29 note updates from previously published security notes.
In today’s evolving IT landscape, companies are constantly planning their next steps when it comes to business-critical application security. Specifically, they are planning these steps around their SAP environment which supports core business processes for some of the world’s largest organizations. When it comes to migrating SAP solutions to the cloud, different roadmaps are regularly being assembled and developed in order to properly transfer solutions that were traditionally supported by on premise SAP systems to a diverse range of cloud offerings provided by SAP.
Today, the Onapsis Research Labs released 14 advisories for SAP and 6 for Oracle E-Business Suite. All of the SAP advisories pertain to SAP NetWeaver - the technical integration platform on top of which enterprise and business solutions are developed and run. Half of these advisories for SAP NetWeaver relate to remote command execution vulnerabilities, which will be explained later in this post. On the Oracle side, all six advisories relate to cross-site scripting (XSS) attacks on the core business application Oracle E-Business Suite.