It’s the second Tuesday of the month, meaning another round of monthly SAP notes have been released. Below is our monthly analysis regarding the SAP vulnerabilities fixed, to help you keep your ERP environment safe and protected. For another month, there are no new notes tagged as Hot News, now making a four month streak in which notes of this severity are absent. There is still a need for action however, since three notes were reported as having High priority.
Today is the the second Tuesday of July and as our readers already know that today SAP released its monthly Security Notes. Here is our monthly report on how to improve your ERP security and take care of your most critical information. Today SAP released 16 new security notes, summing up to a total of 23 taking into account the ones published after second Tuesday last month. For the third month in a row there aren’t any notes tagged as Hot News.
As with the second Tuesday of every month, today SAP released its monthly Security Notes to keep your SAP infrastructure secure. This month, SAP published 18 new security notes, and released 11 security notes that were published after May 9th (last patch tuesday), totaling 29 notes that will be analyzed in this post. For the second month in a row there aren’t any notes tagged as Hot News; the most critical risk category that SAP has catalogued for newly discovered vulnerabilities.
As with the second Tuesday of every month, today SAP released its monthly Security Notes to keep your SAP infrastructure secure. This month, SAP published 14 new Security Notes with only one note tagged as High Priority. However, of these 14 notes, four of them are updates to previous publications. Based on the number of fixed vulnerabilities, and the criticality of each, it’s safe to say that this is not a critical patch day for SAP compared to previous months.
As with the second Tuesday of every month, today SAP released its monthly Security Notes. This month, SAP published 19 new Security Notes, as well as a summary of 28 different notes including ones published last patch Tuesday. For a second month in a row, there’s a ‘Hot News’ item relating to Remote Code Execution.
We are just a few days away from the release of SAP’s April Security Notes. Since this past month included some of the most critical notes we have seen to date for SAP, we’d like to review a few things we saw in March to ensure we have everything fully covered before heading into April. It was an interesting month for SAP Security, as findings from our Researchers yielded the second ‘Hot News’ note to date for 2017. In addition however, there were some other important vulnerabilities published in March that were tagged as ‘High Priority’ and should be mitigated if present in SAP systems.
Today SAP release its monthly Security Notes, as they do the every second Tuesday of every month. Among the 27 SAP Security Notes published today, 5 of them are related to SAP HANA, and were originally reported by Onapsis Research Labs. One of them, note #2424173, is the only SAP Security Note tagged as Hot News this month as it solves several vulnerabilities in the Self Service component (disabled by default) that can allow an attacker to fully compromise the SAP HANA system without the need of credentials.
In this month’s SAP Security Notes, it’s noticeable that the priority of the majority of security notes are higher compared to previous month.
So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The amount of security corrections for each month starts consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security.
Onapsis Research Labs First to Help Discover and Fix Vulnerabilities in SAP HANA SPS12 - SAP Security Notes December 2016
Today SAP published 23 Security Notes, making a total of 32 notes since last second Tuesday of November, considering several notes that were published outside of the normal publishing schedule. As with every month, the Onapsis Research Labs have an impact on how SAP Security evolves. This month, 6 SAP Security Notes were reported to SAP by our researchers Sergio Abraham, Nahuel Sanchez and Emiliano Fausto (all of them recognized in SAP Webpage).