Details to be shared:
In the latest SAP Security Patch Day in November 2023, six new and updated patches were released, addressing several vulnerabilities in SAP products. Two of these patches were HotNews Notes, while four were Medium Priority Notes.
The most critical update, HotNews Note #3340576, addresses a Missing Authorization Check in the SAP CommonCryptoLib with a CVSS score of 9.8. This vulnerability is specific to the NetWeaver AS Java Logon application and could potentially allow an unauthenticated attacker to brute-force the login functionality, identifying legitimate user ids.
Another critical update, HotNews Note #3355658, patches an Improper Access Control Vulnerability in SAP Business One. This issue allows anonymous users read and write access to various parts of the SAP Business One installation, including the SMB shared folder, Crystal Report (CR) shared folder, Traditional Mobile app (attachment path), RSP (log folder logic), Job Service, and BAS (file upload folder).
Customers using SAP Business One are advised to update their installation to SP 2308 and implement the provided hotfix. Additionally, they should read the referenced FAQ note #3400236 for more details. It's important to note that installations on lower support package (SP) levels are also affected by the vulnerability.
SAP NetWeaver Application Server Java is not affected by the Information Disclosure vulnerability in SAP Security Note #3362849, which patches an Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows unauthenticated attackers to access unintended data.
The Onapsis Research Labs will update their platform to incorporate the newly published vulnerabilities. For more information about the latest SAP security issues, viewers can watch The Defenders Digest - the monthly video recap of ERP security news.
It's crucial for SAP users to stay updated on these security patches to ensure the security of their systems. By promptly implementing the provided hotfixes, they can protect their installations from potential threats.
Read also:
- Unveiling the Less-Discussed Disadvantages of Buds - Revealing the Silent Story
- "In a daring decision, Battlefield 6 forgoes ray tracing - understanding the advantages this choice brings"
- Hackers allegedly responsible for mobile banking fraud in Kenya, as per the central bank, yet confidential sources hint at potential insider involvement
- Upcoming Amazon Hardware Event 2025: Anticipated Announcements
