SAP Notes March Review: FAQ about High Priority Notes

We are just a few days away from the release of SAP’s April Security Notes. Since this past month included some of the most critical notes we have seen to date for SAP, we’d like to review a few things we saw in March to ensure we have everything fully covered before heading into April. It was an interesting month for SAP Security, as findings from our Researchers yielded the second ‘Hot News’ note to date for 2017. In addition however, there were some other important vulnerabilities published in March that were tagged as ‘High Priority’ and should be mitigated if present in SAP systems.

SAP Security Notes March 2017: Onapsis Helps Secure Critical Bugs in SAP HANA

Today SAP release its monthly Security Notes, as they do the every second Tuesday of every month. Among the 27 SAP Security Notes published today, 5 of them are related to SAP HANA, and were originally reported by Onapsis Research Labs. One of them, note #2424173, is the only SAP Security Note tagged as Hot News this month as it solves several vulnerabilities in the Self Service component (disabled by default) that can allow an attacker to fully compromise the SAP HANA system without the need of credentials.

Oracle CPU for January 2017 Breaks New Record

In this month's post we will analyze the January 2017 Oracle Critical Patch Update (CPU) and how it relates to Oracle Business Critical Applications. This CPU is special because the number of vulnerabilities fixed sets a new record for the amount of vulnerabilities fixed in a single CPU for Business Critical Applications. At Onapsis, we believe there are two main factors that contribute to this record breaking number of vulnerabilities in a single CPU. These two factors are the Researchers and of course, Oracle itself.

Pages