German software giant SAP announced the discovery of security issues in its cloud-based products as part of an internal security review, the company already started to address the vulnerabilities.
The list of the affected products includes Success Factors, Concur, CallidusCloud Commissions, Callidus Cloud CPQ; as well as C4C/Sales Cloud, Cloud Platform, and Analytics Cloud.
The detailed list of vulnerabilities has yet to be disclosed, according to an advisory published by the company the issues will be completed in the second quarter of 2020.
The company announced it will notify approximately 9% of its 440,000 customers, the good news is that the company is not aware of any attack in the wild exploiting the issues.
“SAP continuously reviews and optimizes its cybersecurity infrastructure. The company has identified that some of its cloud products do not meet one or several contractually agreed or statutory IT security standards at present. Specifically, the affected products are limited to the acquired entity products SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ; as well as C4C/Sales Cloud, Cloud Platform and Analytics Cloud.” reads the advisory published by the company.
“These findings were not identified in response to a security incident. As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues. In an effort to ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with market peers.”
The software firm added that the expenses related to the remediation will not impact the current 2020 financial outlook.
“The expenses related to the remediation are expected to be covered within the range of SAP’s current 2020 financial outlook.” concludes the advisory.
“SAP will inform and support the affected customers individually – approximately 9 percent of its 440,000 customers.”
Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
(SecurityAffairs – cybersecurity, hacking)