SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation … Read more

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

August 22, 2024 at 02:00AM GitHub has addressed three security flaws in its Enterprise Server product, including a critical bug (CVE-2024-6800) that could grant an attacker site administrator privileges. Two medium-severity flaws have also been resolved (CVE-2024-7711, CVE-2024-6337). Users are urged to update to the latest versions (3.13.3, 3.12.8, 3.11.14, and 3.10.16) to mitigate potential … Read more

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

August 13, 2024 at 11:36AM SAP announced 17 new and 8 updated security notes for August 2024. Two “hot news” notes addressed critical vulnerabilities, including missing authentication check in BusinessObjects Business Intelligence and server-side request forgery bug in Node.js library. Four other high-severity vulnerabilities were resolved, along with several medium-severity ones. Organizations are urged to … Read more

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were … Read more

HubSpot Warns of Ongoing Cyberattacks Targeting Customer Accounts

July 1, 2024 at 12:24PM HubSpot is actively investigating and blocking attempts to hack into customer accounts. They have reported at least 50 targets have been breached, with unauthorized access to less than 50 accounts. The company has taken necessary steps to revoke the attacker’s access and believes the impact will be isolated to a … Read more

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were … Read more

Google takes shots at Microsoft for shoddy security record with enterprise apps

May 20, 2024 at 01:56PM Google promotes its security superiority over Microsoft in wake of recent breaches. A white paper criticizes Microsoft’s handling of security breaches and advocates for firms to switch to Google’s services. Google contends that Workspace offers superior security practices and takes a direct shot at its rival. An offer to entice … Read more

SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

May 14, 2024 at 11:03AM SAP released 14 new and three updated security notes for May 2024 Security Patch Day. Two new and one updated note are of highest severity, addressing critical flaws in Business Client, CX Commerce, and NetWeaver. These include vulnerabilities such as CSS injection and remote code execution. SAP advises customers to … Read more

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in … Read more

SAP Patches Critical Command Injection Vulnerabilities

March 12, 2024 at 02:04PM SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser, the lodash utility library, and a code injection flaw in the NetWeaver AS Java. The … Read more