SAP Releases Monthly Security Update

SAP has released its monthly security update, addressing 17 new vulnerabilities in its software lineup. The company categorized four of these vulnerabilities with its highest severity rating, “Hot News.” The security patches were released as part of the company’s scheduled Patch Tuesday.

The discovery and reporting of these significant vulnerabilities were credited to researchers at Onapsis Research Labs, who collaborated with SAP to ensure the issues were resolved. The patches cover a range of SAP products, and customers are advised to review the updates to protect their systems.

Details of the Critical Flaws

The most severe vulnerability addressed in this update carries a CVSS score of 9.9 out of 10. This critical flaw is a Code Injection vulnerability found in SAP NetWeaver AS for JAVA (Guided Procedures). The vulnerability could allow an unauthenticated attacker to execute code on the affected application, compromising confidentiality, integrity, and availability.

Another “Hot News” vulnerability fixed by SAP is a Directory Traversal flaw with a CVSS score of 9.1. This issue affects SAP NetWeaver AS ABAP and ABAP Platform. All SAP customers are strongly encouraged to apply the newly released security patches immediately to mitigate the risks associated with these vulnerabilities.