SAP has released the Security Patch Day for August, this month the company addresses several flaws, including three critical vulnerabilities (Hot News), the highest number of critical flaws since 2014. The August’s Patch Day includes a total of 23 SAP Security Notes.
Experts from Onapsis noticed that this SAP Security Patch Day has the highest number of critical notes in 2019, tree HotNews and two High Priority Notes released, plus one re-released HotNews note
One of the Hot News is an update to a Security Note initially released in April 2018 for Business Client, the other Hot News are:
“For the first time this year, SAP has published a Security Note with a CVSS of 9.9. This top scorer, SAP Security Note #2800779, is titled “Remote Code Execution (RCE) in SAP Netweaver UDDI Server (Services Registry)” and warns that attackers can take advantage of a buffer overflow vulnerability to inject code into the working memory.” reads the analysis published by Onapsis.”Because of the low complexity of this attack scenario in conjunction with the wide range of possible damages (e.g.
SAP Security Patch Day for August 2019, also addressed
“Considering the number of four HotNews and two High Priority Security Notes and taking into account the wide range of attack vectors exploitable in various SAP platforms, the August Patch Day demonstrates impressively the importance of keeping your systems up to date,” concludes Onapsis.