SAP Security Notes September 2017: No Hot News updates does not mean you can become complacent

It’s the second Tuesday of the month and another set of SAP Security Notes has been released. Since the previous Patch Day in August, SAP has released 32 notes, including 16 out-of-date and another 16 released this morning. One striking observation is that this is the fifth month in a row without a Hot News note; the highest category for notes based on risk. In addition to that, for the three high-priority notes, two of them are updates for a July note and the other one only affects a single country making the risk much smaller.

SAP Security Notes August 2017: Remote Code Injection Vulnerability in JAVA Component

It’s the second Tuesday of the month, meaning another round of monthly SAP notes have been released. Below is our monthly analysis regarding the SAP vulnerabilities fixed, to help you keep your ERP environment safe and protected. For another month, there are no new notes tagged as Hot News, now making a four month streak in which notes of this severity are absent. There is still a need for action however, since three notes were reported as having High priority.

SAP Security Notes July 2017: Patched Denial Of Service Vulnerability affecting all SAP Platforms

Today is the the second Tuesday of July and as our readers already know that today SAP released its monthly Security Notes. Here is our monthly report on how to improve your ERP security and take care of your most critical information. Today SAP released 16 new security notes, summing up to a total of 23 taking into account the ones published after second Tuesday last month. For the third month in a row there aren’t any notes tagged as Hot News.

SAP Security Notes June 2017: Information Disclosure and Denial of Service

As with the second Tuesday of every month, today SAP released its monthly Security Notes to keep your SAP infrastructure secure. This month, SAP published 18 new security notes, and released 11 security notes that were published after May 9th (last patch tuesday), totaling 29 notes that will be analyzed in this post. For the second month in a row there aren’t any notes tagged as Hot News; the most critical risk category that SAP has catalogued for newly discovered vulnerabilities.

SAP Security Notes May 2017: Military and Defense Solutions

As with the second Tuesday of every month, today SAP released its monthly Security Notes to keep your SAP infrastructure secure. This month, SAP published 14 new Security Notes with only one note tagged as High Priority. However, of these 14 notes, four of them are updates to previous publications. Based on the number of fixed vulnerabilities, and the criticality of each, it’s safe to say that this is not a critical patch day for SAP compared to previous months.

SAP Notes March Review: FAQ about High Priority Notes

We are just a few days away from the release of SAP’s April Security Notes. Since this past month included some of the most critical notes we have seen to date for SAP, we’d like to review a few things we saw in March to ensure we have everything fully covered before heading into April. It was an interesting month for SAP Security, as findings from our Researchers yielded the second ‘Hot News’ note to date for 2017. In addition however, there were some other important vulnerabilities published in March that were tagged as ‘High Priority’ and should be mitigated if present in SAP systems.

SAP Security Notes March 2017: Onapsis Helps Secure Critical Bugs in SAP HANA

Today SAP release its monthly Security Notes, as they do the every second Tuesday of every month. Among the 27 SAP Security Notes published today, 5 of them are related to SAP HANA, and were originally reported by Onapsis Research Labs. One of them, note #2424173, is the only SAP Security Note tagged as Hot News this month as it solves several vulnerabilities in the Self Service component (disabled by default) that can allow an attacker to fully compromise the SAP HANA system without the need of credentials.

Pages