SAP releases fixes for some serious flaws in its business software

Business software vendor SAP has recently patched various flaws across multiple products, including some vulnerabilities rated as “critical”. Altogether, 19 flaws were addressed.

The critical flaws include those that can allow threat actors to overwrite files, inject code, and access and manipulate data. Among the affected applications are SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP, SAP NetWeaver AP for ABAP and the SAP Business Objects Business Intelligence Platform.

Of the remaining 14 vulnerabilities, four were rated high-severity and ten were rated medium-severity. SAP is a popular software vendor among corporations, which makes it a major target for cybercriminals.

Major target

SAP is the largest ERP vendor worldwide, retaining almost a quarter of the global market share (24%) with more than 400,000 customers. Furthermore, nine out of ten of the Forbes Global 2000 organizations use SAP products, including its customer relationship management (CRM) and supply chain management (SCM) solutions.

Despite SAP's popularity in the business world, reports of breaches via SAP products are few and far between. Just over a year ago, the US Cybersecurity and Infrastructure Security Agency (CISA) warned business users of a number of “severe vulnerabilities” found in SAP solutions, which could result in data theft and ransomware attacks.

And last year, networks belonging to firms and government organizations were compromised in an attack on unpatched SAP systems, a stark reminder to apply security fixes to software as soon as the vendor releases them.

The same advice applies to this new case, so make sure to patch your SAP systems as soon as possible.

Via: BleepingComputer

Sead Fadilpašić
