As a key SAP security researcher at Onapsis, Thomas Fritsch is a trusted authority on vulnerability management and emerging threats. Leveraging his extensive career as an SAP expert, he focuses on deeply technical areas like SAP system configuration and transport management. Thomas’s analysis of the latest SAP security patches and vulnerabilities is a core component of the research that provides the in-depth, actionable intelligence organizations need to protect their systems. His role as a respected speaker and publisher further establishes him as a definitive voice in the SAP cybersecurity space, helping to bridge the gap between complex research and real-world security practices.
See how Onapsis Research Labs helped to patch a critical Code Injection vulnerability and contributed to SAP Patch Tuesday this March. #SAPPatchTuesday
See how Onapsis Research Labs helped to patch a critical Code Injection vulnerability and contributed to SAP Patch Tuesday this February. #SAPPatchTuesday
Additional SAP BTP Applications affected by critical Privilege Escalation Vulnerability reported in December 2023
Code security tools have to perform a data flow analysis to identify vulnerabilities like SQL Injection, OS Command Injection, Code Injection, and Directory Traversal. The market-leading solution, Onapsis C4CA, and other tools in the market follow different approaches with regard to this data flow analysis and the resulting finding management. While some tools run only a local data flow analysis, C4CA optionally executes a global data flow analysis.
SAP’s October Patch Day was extremely calm. The only Hot News Note is an update of SAP Security Note #2622660 which provides regular patches for SAP Business Client, including the latest tested Chromium patches. The rest of the published SAP Security Notes are of Medium Priority.
Critical Patches for SAP BusinessObjects and SAP CommonCryptoLib released
New HotNews Note for SAP PowerDesigner and Important Update on July HotNews Note