sap patch day

Cross-Site Scripting Never Gets Old

Highlights of May SAP Security Notes analysis include twenty-five new and updated SAP security patches released, including three HotNews Notes and nine High Priority Notes. Several critical vulnerabilities in SAP 3D Visual Enterprise License Manager’s web interface should be paid close attention. This month also marks the fourth time in a row that Onapsis Research Labs has directly contributed to SAP Patch Tuesday.

Critical Vulnerabilities in SAP Diagnostics Agent Poses Risk To All SAP Systems

Critical Vulnerabilities patched in SAP NetWeaver AS ABAP / Java and in SAP BusinessObjects

SAP Patch Day for February 2023 addresses twenty-six new & updated security patches which include one HotNews Note & five High Priority Notes.

SAP patch day for January 2023 addresses critical vulnerabilities patched for SAP AS ABAP and Java.

SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.

SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.

SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.

As 2021 draws to a close, Onapsis Research Labs shares a short summary of this year’s most important highlights relating to SAP security as well as a statistical analysis of this year’s SAP Patch Days.