Business software provider SAP has recently patched various vulnerabilities in a number of products, including some vulnerabilities rated “critical”. A total of 19 bugs were fixed.
Critical vulnerabilities include those that could allow cybercriminals to overwrite files, inject code, and access and manipulate data. Among the affected applications are SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP, SAP NetWeaver AP for ABAP, and SAP Business Objects Business Intelligence Platform.
For the remaining 14 vulnerabilities, four were rated as very serious and ten as medium. SAP is a popular software vendor among corporations, making it a prime target for cybercriminals.
The main objective
SAP is the largest ERP provider in the world, retaining almost a quarter of the global market share (24%) with over 400,000 customers. Moreover, nine out of ten Forbes Global 2000 organizations use SAP products, including Customer Relationship Management (CRM) and Supply Chain Management (SCM) solutions.
Despite its popularity in the business world, reports of breaches via SAP products are scarce. Just over a year ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned business users of a number of “major vulnerabilities” in SAP solutions that could result in data theft and ransomware attacks.
And last year, networks belonging to companies and government organizations were compromised in an attack on unpatched SAP systems, a constant reminder to apply security patches to software as soon as they are released by the vendor.
The same advice applies to this new case, so be sure to patch your SAP systems as soon as possible.
By: Beeping Computer (opens in a new tab)