When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Five critical flaws were addressed
Business software vendor SAP has recently patched various flaws across multiple products, including some vulnerabilities rated as “critical”. Altogether, 19 flaws were addressed.
The critical flaws include those that can allow threat actors to overwrite files, inject code, and access and manipulate data. Among the affected applications are SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP, SAP NetWeaver AP for ABAP and the SAP Business Objects Business Intelligence Platform.
For the remaining 14 vulnerabilities, four were deemed high-severity, and ten were deemed medium-severity. SAP is a popular software vendor among corporations, which makes it a major target for cybercriminals.
SAP is the largest ERP vendor worldwide, retaining almost a quarter of the global market share (24%) with more than 400,000 customers. Furthermore, nine out of ten of the Forbes Global 2000 organizations use SAP products, including its customer relationship management (CRM) and supply chain management (SCM) solutions.
> Thousands of SAP users face cyberattacks over unsecured flaws (opens in new tab)
> SAP reveals security holes in certain cloud products (opens in new tab)
> Here are the best endpoint protection tools (opens in new tab)
Despite its popularity in the business world, news of breaches via SAP products are few and far between. Just over a year ago, the US Cybersecurity and Infrastructure Security Agency (CISA) warned business users of a number of “severe vulnerabilities” found in SAP solutions, which could result in data theft and ransomware attacks.
And last year, networks belonging to firms and government organizations were compromised in an attack on SAP systems that were unpatched, serving as a staunch reminder to apply security fixes to software as soon as they are released by the vendor.
The same advice applies to this new case, so make sure to patch your SAP systems as soon as possible.
Via: BleepingComputer (opens in new tab)
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab).
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.