SAP Security Notes

The Onapsis Blog

The world of business-critical application security is dynamic, with new developments happening on a continuous basis. Check out our blog for recommendations, insights and observations on the latest news for securing your SAP®, Oracle® and Salesforce applications.

SAP Security Patch Day May 2022: Spring4Shell vulnerability has been patched in six SAP applications

05/10/2022 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications

SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.

Read more about SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications

SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

04/12/2022 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

SAP’s April Patch Tuesday requires special attention. The Spring4Shell vulnerability, CVE-2022-22965, was recently detected and has been successfully exploited, as noted by researchers. Onapsis Research Labs contributed to a serious vulnerability in SAP MII that could lead to a full compromise of the server in patching hosting the application.

Read more about SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

03/08/2022 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.

Read more about SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

02/08/2022 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.

Read more about SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

SAP Security Patch Day January 2022: Log4j Causes Record-Breaking Number of HotNews Notes

01/11/2022 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day January 2022: Log4j Causes Record-Breaking Number of HotNews Notes

SAP has published 35 new and updated Security Notes on its January Patch Day, demonstrating the serious impact of Log4j vulnerability on SAP security.

Read more about SAP Security Patch Day January 2022: Log4j Causes Record-Breaking Number of HotNews Notes

SAP Security Patch Day December 2021: A Patch Day in the Shadow of Log4j

12/14/2021 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day December 2021: A Patch Day in the Shadow of Log4j

With 21 new and updated notes, including four HotNews Notes (with two of them being new) and six new and updated High Priority Notes, the last SAP Patch Tuesday in 2021 is slightly above this year’s average.

Read more about SAP Security Patch Day December 2021: A Patch Day in the Shadow of Log4j

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

11/09/2021 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

SAP’s November Patch Day contained 11 notes in total with only three new notes above CVSS 7.0, a record low number for the year. Nevertheless, the lower-rated notes should not be left unaddressed as some of these vulnerabilities can be used to launch follow-up attacks, e.g., through impersonation of users or exploiting transport permissions.

Read more about SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released

10/12/2021 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released

SAP has released 17 new and updated SAP Security Notes on its October 2021 patch release. Read on for Onapsis's analysis.

Read more about SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released

SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities

09/14/2021 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities

SAP has published 21 new and updated Security Notes on its September Patch Day. Onapsis Research Labs contributed in fixing five vulnerabilities covered by three SAP Security Notes.

Read more about SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities

SAP Security Patch Day August 2021: Critical Patches Released for Various Applications

08/10/2021 | By

Thomas Fritsch

|

SAP Security

SAP Security Patch Day August 2021: Critical Patches Released for Various Applications

With nine critical patches in total, SAP customers are facing the most noteworthy SAP Patch Day this year.

Read more about SAP Security Patch Day August 2021: Critical Patches Released for Various Applications

The Onapsis Blog

SAP Security Notes

SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications

SAP Security Patch Day April 2022: In Focus: Spring4Shell and SAP MII

SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities

SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver

SAP Security Patch Day January 2022: Log4j Causes Record-Breaking Number of HotNews Notes

SAP Security Patch Day December 2021: A Patch Day in the Shadow of Log4j

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel

SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released

SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities

SAP Security Patch Day August 2021: Critical Patches Released for Various Applications

Categories

Newsletter

Secure your
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Highly reviewed by Gartner Peer Insights

Contact

Connect

Sign Up For Our Newsletter

The Onapsis Blog

Categories

Newsletter

Secure your business-critical SAP,Oracle, Salesforceand SaaS apps

Highly reviewed by Gartner Peer Insights

Contact

Connect

Sign Up For Our Newsletter

Secure your
business-critical SAP,
Oracle, Salesforce
and SaaS apps