SAP Patches Critical Command Injection Vulnerabilities

March 12, 2024 at 02:04PM SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser, the lodash utility library, and a code injection flaw in the NetWeaver AS Java. The … Read more

SAP Patches Critical Vulnerability Exposing User, Business Data

February 14, 2024 at 05:21AM SAP released 13 new and updated security notes addressing critical and high-severity vulnerabilities in its February 2024 Security Patch Day. The critical issue, CVE-2024-22131, allows unauthorized access and potential system unavailability. Customers are advised to apply patches promptly due to the risk of exploitation by threat actors targeting SAP products. … Read more

Ivanti Patches Critical Vulnerability in Endpoint Manager

January 5, 2024 at 07:18AM Ivanti warned of a critical vulnerability in its Endpoint Manager product, CVE-2023-39336, allowing remote code execution and potential device takeover. The issue affects EPM 2022 Service Update 4 and all prior versions, with a fix available in EPM 2022 Service Update 5. Ivanti restricts details to customers, suggesting proactive patching … Read more

SAP Patches Critical Vulnerability in Business One Product

November 15, 2023 at 08:58AM SAP has released three new and three updated security notes as part of its November 2023 Security Patch Day. The most important new note addresses a vulnerability in the Business One application, while the updated notes address various vulnerabilities in different SAP products. Customers are advised to apply the patches … Read more