SAP Security Notes February 2013 – Review

SAP released its monthly critical patch update for February 2013, which closes many vulnerabilities in SAP products. This month, two critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin and Nikolay Mescherin were closed.

The most critical issues

Our readers and clients asked us to identify the most critical issues so that they can be patched first. The most critical issues in this update are addressed by the following SAP Security Notes:

  • 1800603: SAP Message Server is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
  • 1785761: SAP Basis is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
  • 1764994: SAP Kernel is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
  • 1757675: SAP NetWeaver J2EE is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.

Issues that were patched with the help of ERPScan

The detailed list of issues that were found by ERPScan researchers and corrected by SAP this month is below:

  • A Directory Traversal vulnerability in an SAP NetWeaver J2EE application. The update is available in SAP Security Note 1757675. An attacker can create new files in the system.
  • An SMBRelay vulnerability in the SAP NetWeaver ALV component. The update is available in SAP Security Note 1446476.
  • A vulnerability in SAP Portal that allows a user to read any file from the operating system. Combined with the ability to read critical information such as encrypted passwords or database files, this vulnerability can be extremely dangerous. The update is available in SAP Security Note 1619539.

It is highly recommended to patch all these issues to prevent business risks.

SAP has traditionally published acknowledgements to security researchers from ERPScan for the vulnerabilities found on its acknowledgement page.

Advisories for those issues with technical details will be available in 3 months at erpscan.com.

Exploits for the most critical issues are available in ERPScan Security Monitoring Suite.
