SAP released 14 new and updated SAP security patches for its November SAP Patch Day. Onapsis Research Labs contributed to fixing three new SAP vulnerabilities.
SAP has published 11 new and updated Security Notes on its August Patch Day. SAP has patched three Information Disclosure vulnerabilities in SAP BusinessObjects (BO) which affect different components of the application.
SAP has released 27 new and updated SAP Security Notes in its July 2022 patch release. Three primary areas are affected by today’s SAP Security Notes, so Onapsis Research Labs recommends reviewing all details below before implementing the corresponding patches.
In SAP's June Patch Day, there are 17 new and updated security patches. The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) also lists three well known vulnerabilities.
SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications
SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.
SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.
SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.
SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.