SAP's August Patch Day Fixes 20 Severe Vulnerabilities, Including Two 'HotNews' Notes

SAP's August Patch Day addresses 20 critical vulnerabilities. Prompt implementation is vital to protect systems and data.


SAP has released crucial security updates on its August Patch Day, including two 'HotNews' notes and eight high-priority patches that address severe vulnerabilities in various SAP products. Onapsis Research Labs contributed to fixing multiple vulnerabilities in this release.

Among the patched issues, SAP Security Note #3341460 stands out. With a CVSS score of 9.8, it addresses two critical vulnerabilities in SAP PowerDesigner: an Improper Access Control vulnerability and an Information Disclosure vulnerability. Another notable patch is SAP Security Note #3350297, with a CVSS score of 9.1, which fixes an OS Command Injection vulnerability in IS-OIL. This note requires special attention to avoid system inconsistencies.

SAP Commerce Cloud customers are affected by SAP Security Note #3346500, which patches an Improper Authentication vulnerability that allows the creation of new users with empty passphrases. Meanwhile, SAP BusinessObjects and SAP Business One customers face multiple high-priority notes covering vulnerabilities such as Binary Hijack, Denial of Service, Cross-Site Scripting, and SQL Injection. Onapsis Research Labs contributed to patching several vulnerabilities affecting SAP Message Server, SAP NetWeaver AS ABAP and ABAP Platform, and SAP Host Agent.

SAP's August Patch Day comprises a total of 20 new and updated security notes, emphasizing the importance of prompt implementation to protect systems and data. Customers are urged to prioritize these updates, especially the two HotNews notes and the high-priority patches, to mitigate potential security risks.
