SAP Security Notes August 2013 – Review
SAP has released the monthly critical patch update for August 2013. This patch update closes many vulnerabilities in SAP products. This month, one critical vulnerability found by ERPScan researcher Nikolay Mescherin was closed.
The most critical issues
Some of our readers and clients asked us to categorize the most critical issues to patch them first. So, the most critical issues of this update can be patched by the following SAP Security Notes:
- 1773651: SAP BW-BEX-UDI-SDK is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
- 1851123: SAP BSP is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
Issues that were patched with the help of ERPScan
Here are the details of the issues that were found by ERPScan researchers.
- An SQL injection vulnerability in SAP ABAD0 application. Update is available in SAP Security Note 1840249. An attacker can exploit ABAD0 and use specially crafted inputs to modify database commands.
It is highly recommended to patch all those issues to prevent business risks. SAP has sent the traditional acknowledgements for found vulnerabilities to security researchers from ERPScan at their acknowledgement page.
Advisories for those issues are available at erpscan.com.
Checks for the described issues are already available in ERPScan Security Monitoring Suite.