SAP releases fixes for some critical bugs in its business software
Enterprise software provider SAP recently patched various bugs across multiple products, including several that were rated “critical”. In total, 19 flaws were resolved.
Critical vulnerabilities include those that could allow threat actors to overwrite files, inject code, and access and manipulate data. Among the affected applications are SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP, SAP NetWeaver AP for ABAP, and SAP Business Objects Business Intelligence Platform.
Of the remaining 14 vulnerabilities, 4 are rated high severity and 10 are rated medium severity. SAP is a popular software vendor among corporations, which makes it a prime target for cybercriminals.
Main target
SAP is the largest ERP vendor worldwide, accounting for almost a quarter of the global market share (24%) with over 400,000 customers. Furthermore, nine out of ten organizations on the Forbes Global 2000 list use SAP products, including customer relationship management (CRM) and supply chain management (SCM) solutions.
Although SAP products are common in the business world, news of breaches through them is scant. Just over a year ago, the US Cybersecurity and Infrastructure Security Agency (CISA) warned business users about a number of “critical vulnerabilities” found in SAP solutions, which could lead to data theft and ransomware attacks.
And last year, the networks of companies and government organizations were compromised in an attack on an unpatched SAP system, a stark reminder of the importance of applying security fixes for software as soon as they are released by the vendor.
The same advice applies to this new scenario, so make sure to patch your SAP systems as soon as possible.
Via: BleepingComputer