SAP has published 35 new and updated Security Notes on its January Patch Day, demonstrating the serious impact of Log4j vulnerability on SAP security.
With 21 new and updated notes, including four HotNews Notes (with two of them being new) and six new and updated High Priority Notes, the last SAP Patch Tuesday in 2021 is slightly above this year’s average.
Onapsis CEO Mariano Nunez weighs in on Binding Operational Directive 22-01 which recommends urgent and prioritized remediation of known exploited vulnerabilities in software and applications and establishes requirements for federal civilian agencies to remediate these vulnerabilities.
This blog post’s main purpose is to help SAP Security administrators better understand how to review their SAP systems in response to CISA BOD 22-01. It details each vulnerability highlighted by CISA’s catalog of known exploited SAP vulnerabilities and provides guidance on steps to take.
SAP’s November Patch Day contained 11 notes in total with only three new notes above CVSS 7.0, a record low number for the year. Nevertheless, the lower-rated notes should not be left unaddressed as some of these vulnerabilities can be used to launch follow-up attacks, e.g., through impersonation of users or exploiting transport permissions.
SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released
SAP has released 17 new and updated SAP Security Notes on its October 2021 patch release. Read on for Onapsis's analysis.
SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities
SAP has published 21 new and updated Security Notes on its September Patch Day. Onapsis Research Labs contributed in fixing five vulnerabilities covered by three SAP Security Notes.
With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year.
SAP has published 16 new and updated Security Notes on its July Patch Day. This number includes two HotNews Notes and two High Priority Notes.
Meet Onapsis at Black Hat 2021 for a training session on a complete approach for both Offensive and Defensive of SAP systems.