In this month’s SAP Security Notes, it’s noticeable that the priority of the majority of security notes are higher compared to previous month.
In this month's post we will analyze the January 2017 Oracle Critical Patch Update (CPU) and how it relates to Oracle Business Critical Applications. This CPU is special because the number of vulnerabilities fixed sets a new record for the amount of vulnerabilities fixed in a single CPU for Business Critical Applications. At Onapsis, we believe there are two main factors that contribute to this record breaking number of vulnerabilities in a single CPU. These two factors are the Researchers and of course, Oracle itself.
SAP HANA evolved a lot in 2016, as did security focused on this critical platform. The year ended with the release of the “new generation” version, SAP HANA 2. Starting in early December, customers have been able to upgrade to this new version that SAP explains as big enough not to call it SAP HANA SP13. This new release is another testament to the success of SAP HANA adoption and will continue to increase the amount of customers that are moving to the world of the SAP in-memory database.
So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The amount of security corrections for each month starts consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security.
Since its foundation, the Onapsis Research Labs have been actively helping SAP improve its security by researching and reporting system vulnerabilities. On the second Tuesday of each month, the Onapsis Research Labs publishes a detailed analysis of the latest SAP security notes. This helps to better assist our customers secure their SAP systems from the latest threats, and helps to ensure that our products are designed to continuously detect new vulnerabilities.