sap patch day

The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

03/14/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: March 2023

Critical Vulnerabilities patched in SAP NetWeaver AS ABAP / Java and in SAP BusinessObjects

Read more about SAP Patch Day: March 2023

02/14/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: February 2023

SAP Patch Day for February 2023 addresses twenty-six new & updated security patches which include one HotNews Note & five High Priority Notes.

Read more about SAP Patch Day: February 2023

01/10/2023 | By

Thomas Fritsch

|

SAP Patch Day

SAP Patch Day: January 2023

SAP patch day for January 2023 addresses critical vulnerabilities patched for SAP AS ABAP and Java.

Read more about SAP Patch Day: January 2023

SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

04/12/2022 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.

Read more about SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

03/08/2022 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.

Read more about SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

02/08/2022 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.

Read more about SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

SAP Security: A Look Back at 2021 Highlights

12/21/2021 | By

Thomas Fritsch

|

Corporate

SAP Security: A Look Back at 2021 Highlights

As 2021 draws to a close, Onapsis Research Labs shares a short summary of this year’s most important highlights relating to SAP security as well as a statistical analysis of this year’s SAP Patch Days.

Read more about SAP Security: A Look Back at 2021 Highlights

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

11/09/2021 | By

Thomas Fritsch

|

SAP Patch Day

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

SAP’s November Patch Day contained 11 notes in total with only three new notes above CVSS 7.0, a record low number for the year. Nevertheless, the lower-rated notes should not be left unaddressed as some of these vulnerabilities can be used to launch follow-up attacks, e.g., through impersonation of users or exploiting transport permissions.