The news of this latest SAP security update brought me great relief, as three of the vulnerabilities it addresses were critical and exploitable by an attacker. If you utilise SAP products, this information is important for your company's security.
What Did SAP Fix?
The latest SAP security updates included 14 fixes for various security issues, three of which were designated critical. A brief overview of what the three critical vulnerabilities could allow:
• The first vulnerability could potentially allow an attacker to execute malicious code in an SAP Solution Manager environment.
• The second vulnerability was in the SAP Commerce Cloud platform, allowing an attacker to abuse server-side components of the platform.
• The third vulnerability involved SAP jConnect and had a similar effect to the first two critical vulnerabilities, allowing an attacker to execute unauthorised or malicious commands.
In essence, the issues associated with these vulnerabilities can be used by an attacker to gain access to your systems, to steal your data or to disrupt your business operations.
Why Is This Important?
SAP software is widely used for financial management, sales, and supply chain management, as well as for tracking customer information. If any of these systems are breached, the potential for damage is extremely high.
I've seen first-hand how one missed patch has turned into a stressful, long shift for IT support teams - so believe me, it's not an ideal scenario.
Attackers frequently target software for which patches are available because they know that numerous businesses will take their time updating it. Have you ever pondered why outdated software is such a prime target for malicious actors?
What Should You Do Right Now?
If you are using any SAP products, then follow this basic advice:
- Apply updates immediately
- Identify which SAP products you are presently using
- Do not delay when addressing any urgent security problems