April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in … Read more
March 12, 2024 at 02:04PM SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser, the lodash utility library, and a code injection flaw in the NetWeaver AS Java. The … Read more
February 14, 2024 at 05:21AM SAP released 13 new and updated security notes addressing critical and high-severity vulnerabilities in its February 2024 Security Patch Day. The critical issue, CVE-2024-22131, allows unauthorized access and potential system unavailability. Customers are advised to apply patches promptly due to the risk of exploitation by threat actors targeting SAP products. … Read more
January 9, 2024 at 05:35PM Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits … Read more
December 12, 2023 at 07:47PM The final Patch Tuesday of 2023 requires updates for Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian, and Apple products. Apple issued emergency fixes for vulnerabilities in iOS devices, Macs, Apple TV, and Apple Watch. Microsoft released over 30 patches, including critical vulnerabilities. Adobe addressed 212 vulnerabilities. Google’s Android security … Read more
December 12, 2023 at 02:06PM SAP announced 15 new and two updated security notes in its December 2023 Security Patch Day. This includes ‘hot news’ notes addressing vulnerabilities in SAP Business Technology Platform, Business Client, and OS command injection flaws in SAP ECC and SAP S/4HANA. Various other high and medium-priority issues were also resolved. … Read more
November 15, 2023 at 08:58AM SAP has released three new and three updated security notes as part of its November 2023 Security Patch Day. The most important new note addresses a vulnerability in the Business One application, while the updated notes address various vulnerabilities in different SAP products. Customers are advised to apply the patches … Read more