Thomas Fritsch has been working on SAP security research for over four years, after a longer career as an SAP expert. With a focus on vulnerabilities in SAP system configuration and SAP transport management, he is known as a publisher of various articles and a speaker at different SAP-related conferences. Previously to joining Onapsis, he worked for an SAP partner in Walldorf where he designed and realized customer-centric solutions for the SAP change and transport management.
SAP’s November Patch Day contained 11 notes in total with only three new notes above CVSS 7.0, a record low number for the year. Nevertheless, the lower-rated notes should not be left unaddressed as some of these vulnerabilities can be used to launch follow-up attacks, e.g., through impersonation of users or exploiting transport permissions.
SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released
SAP has released 17 new and updated SAP Security Notes on its October 2021 patch release. Read on for Onapsis's analysis.
SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities
SAP has published 21 new and updated Security Notes on its September Patch Day. Onapsis Research Labs contributed in fixing five vulnerabilities covered by three SAP Security Notes.
With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year.
SAP has published 16 new and updated Security Notes on its July Patch Day. This number includes two HotNews Notes and two High Priority Notes.
SAP Security Patch Day June 2021: Multiple Memory Corruption Vulnerabilities Can Lead to System Crashes
SAP has published 20 new and updated Security Notes on its June Patch Day. This number includes two HotNews Notes and four High Priority Notes.
SAP® has released 14 new and updated SAP Security Notes on its May 2021 patch release, including the notes that were released since last Patch Day. As part of this month’s patch release, there are three HotNews notes and three High Priority notes.
Welcome to the final installment of our series on the Dangers in SAP Transport Management. In our final post, we’ll focus on how an attacker could leverage logical file names and logical OS commands within SAP transports to access, modify and exfiltrate data.
SAP has released 23 new and updated SAP Security Notes in its April 2021 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are three HotNews notes and five High Priority notes.