Since it is the second tuesday of the month, SAP has again published a new set of notes to patch vulnerabilities found in its software. Over the course of the month, counting from the last patch tuesday, a total of 30 new notes were published. Today, half of those notes were posted. 

At Onapsis we recognize that information security means more than just protecting your business-critical applications from possible invaders. Worldwide, we see cybersecurity regulations maturing, leading to added pressure for companies to stay compliant. It is clear that, apart from the obvious technical component, the legal aspects of the information security domain demand a growing slice of attention to maintain business prosperity.

It’s the second Tuesday of the month and another set of SAP Security Notes has been released. Since the previous Patch Day in August, SAP has released 32 notes, including 16 out-of-date and another 16 released this morning. One striking observation is that this is the fifth month in a row without a Hot News note; the highest category for notes based on risk. In addition to that, for the three high-priority notes, two of them are updates for a July note and the other one only affects a single country making the risk much smaller.

Today is the the second Tuesday of July and as our readers already know that today SAP released its monthly Security Notes. Here is our monthly report on how to improve your ERP security and take care of your most critical information. Today SAP released 16 new security notes, summing up to a total of 23 taking into account the ones published after second Tuesday last month. For the third month in a row there aren’t any notes tagged as Hot News.

As with the second Tuesday of every month, today SAP released its monthly Security Notes to keep your SAP infrastructure secure. This month, SAP published 18 new security notes, and released 11 security notes that were published after May 9th (last patch tuesday), totaling 29 notes that will be analyzed in this post. For the second month in a row there aren’t any notes tagged as Hot News; the most critical risk category that SAP has catalogued for newly discovered vulnerabilities.

In this month’s SAP Security Notes, it’s noticeable that the priority of the majority of security notes are higher compared to previous month.

Today SAP published 23 Security Notes, making a total of 32 notes since last second Tuesday of November, considering several notes that were published outside of the normal publishing schedule. As with every month, the Onapsis Research Labs have an impact on how SAP Security evolves. This month, 6 SAP Security Notes were reported to SAP by our researchers Sergio Abraham, Nahuel Sanchez and Emiliano Fausto (all of them recognized in SAP Webpage).

Today, Onapsis Research Labs released 15 advisories related to SAP HANA and some building components, as well as Internal Communication Channels (also known as TREXNet). This is the first launch of more than 40 advisories we will be publishing in the following month including several vulnerabilities we have discovered in business critical application such as SAP and Oracle. In this blogpost, we'll analyze two different vulnerabilities affecting SAP HANA.

Not too long ago I published a blog which discussed operationalizing your SAP cybersecurity strategy. In that post I discussed the confusion around division of responsibilities, who should own SAP security, and how SAP security gets operationalized within the organization as this is a common problem my team and I have noticed across organizations.

Recently, I published a post on the SAP Security Gap. This post discussed the present disconnect between security professionals and business executives on the vulnerability of their SAP systems. With SAP Cyber-Security continuing to be a topic of concern making mainstream headlines, it is critical that organizations begin to think about this notion in more detail if they wish to truly secure their enterprise applications such as SAP or Oracle.