ERP News

Make a SAP decision: Apply these security fixes if you’re using German giant’s software

11 patches ship on Patch Tuesday

While you were sighing your way through Microsoft’s Patch Tuesday, enterprise vendor SAP slid 11 security advisories under your door.

Top of the list is a depressingly familiar howler in SAP Cloud Connector versions prior to 2.11.3: the software neglects authentication checks for functions that require user identity (CVE-2019-0246). A related bug in the same versions of Cloud Connector, CVE-2019-0247, can be exploited to achieve remote code injection.

The German titan’s systems management environment, SAP Landscape Management, is also on the critical list thanks to a sketchily described information disclosure bug, CVE-2019-0249.

Two other products suffered authentication slip-ups. The company’s BW/4HANA data warehouse (CVE-2019-0243) and SAP Enterprise Financial Services (CVE-2018-2484) both have authentication blunders that can result in privilege escalation.

SAP Financial Consolidation Cube Designer could reveal password hashes (CVE-2018-2499), and the ABAP application server had an undefined information disclosure bug (CVE-2019-0248).

There are two denial-of-service bugs in the list: one in the company’s Work and Inventory Manager (CVE-2019-0241), the other via crafted malicious links in Business Objects for Android (CVE-2019-0240).

Finally, there’s one cross-site scripting bug patched in SAP Commerce (CVE-2019-0238) and two in the company’s CRM Web Client UI (CVE-2019-0244 and CVE-2019-0245).

Article Credit: The Register
