Cross-Site Scripting Never Gets Old
Highlights of May SAP Security Notes analysis include twenty-five new and updated SAP security patches released, including three HotNews Notes and nine High Priority Notes. Several critical vulnerabilities in SAP 3D Visual Enterprise License Manager’s web interface should be paid close attention. This month also marks the fourth time in a row that Onapsis Research Labs has directly contributed to SAP Patch Tuesday.
SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.
SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.
SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.
The Defenders Digest
Onapsis CTO and Director of Threat Research monthly video recap all things ERP security.Watch Now