SAP Patches Seven Vulnerabilities in Three Products

  • 9 October 2014

by Chris Brook    October 9, 2014

SAP pushed out patches to address seven vulnerabilities in three different lines of software it produces. If exploited, the bugs – which weren’t disclosed until yesterday – could expose those running the systems to specialized attacks, information disclosure and in some cases, complete compromise.

The bugs, all of which are remotely exploitable, affect the German software company’s database management system HANA, its enterprise software BusinessObjects and analytics software NetWeaver Business Warehouse.

Companies mostly use the software to keep track of all things enterprise: sales, finances, human resources, and so on. Officials with Onapsis Research Labs, who discovered the vulnerabilities, warn the bugs could expose gobs of information, customer data, product pricing, financial statements, employee information and more.
 
Full Article

2 replies

The following article is an update:
************************************

5 New Vulnerabilities Uncovered In SAP

By: Ericka Chickowski
 
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
 ERP security researchers at Onapsis have discovered five new vulnerabilities in SAP BusinessObjects and SAP HANA, three of them high-risk. One in particular gives attackers the power to overwrite data within mission-critical systems.
The three high-risk vulnerabilities are in BusinessObjects, a business intelligence suite used by organizations for complex business performance tracking and analysis. These types of intelligence tools are often wrapped up in enterprises' most important core business initiatives, containing the most sensitive data about customer behavior, pricing, financial forecasting and business processes. Very often the data directly contributes to competitive differentiation. In short, for many businesses this data is a key ingredient to their "secret sauce."
 
full article
 
 
 

Posted on 27 February 2015. Onapsis released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software. Included in the security advisories are three high risk vulnerabilities, one of which allows unauthenticated users to overwrite business data, and two medium risk vulnerabilities.

Depending on an organization’s use of these platforms, high risk vulnerabilities could be used by cyber attackers to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.

Three high risk advisories released detail vulnerabilities found in SAP BusinessObjects through default CORBA connector: full article
