SAP Patches Critical Vulnerability in NetWeaver

December 10, 2024 at 08:57AM SAP released nine new and four updated security notes on December 2024 Security Patch Day, addressing critical vulnerabilities in NetWeaver AS for Java. Notably, CVE-2024-47578 poses a significant risk of complete system compromise. Users are urged to implement the security updates promptly, although there are no known active exploits. … Read more

Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects

December 4, 2024 at 06:01PM Onapsis announced an expansion of its Control product line, introducing a new bundle for enhanced application security testing on the SAP Business Technology Platform (BTP). This offering provides automated code scanning, real-time security checks, and centralized Git repository scanning, helping developers secure and streamline their SAP projects. Availability starts Q4 … Read more

SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation … Read more

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

August 13, 2024 at 11:36AM SAP announced 17 new and 8 updated security notes for August 2024. Two “hot news” notes addressed critical vulnerabilities, including a missing authentication check in BusinessObjects Business Intelligence and a server-side request forgery bug in a Node.js library. Four other high-severity vulnerabilities were resolved, along with several medium-severity ones. Organizations are urged to … Read more

Teaming up with IBM to secure critical SAP workloads

July 16, 2024 at 10:18AM Trend Micro partners with IBM to enhance security for critical SAP workloads running on IBM Power servers. The collaboration leverages IBM’s system security expertise and Trend Vision One™ to provide advanced threat protection, detection, and response, addressing the increasing cyber risks faced by SAP customers. The combined solution extends visibility, … Read more

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were … Read more

Let’s kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

June 11, 2024 at 08:33PM Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, … Read more

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were … Read more

SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

May 14, 2024 at 11:03AM SAP released 14 new and three updated security notes for May 2024 Security Patch Day. Two new and one updated note are of highest severity, addressing critical flaws in Business Client, CX Commerce, and NetWeaver. These include vulnerabilities such as CSS injection and remote code execution. SAP advises customers to … Read more

SAP Applications Increasingly in Attacker Crosshairs, Report Shows

April 18, 2024 at 12:40PM Hackers are increasingly targeting SAP applications and data in organizations, driven by migration to the cloud and improved ability to exploit security gaps. Ransomware attacks on SAP systems have risen by 400%, with pricing for SAP exploits following suit. Threat actors, including APT10 and FIN7, are exploiting vulnerabilities in various … Read more