SAP Security Notes July 2013 – Review
SAP has released the monthly critical patch update for July 2013. This patch update closes many vulnerabilities in SAP products. This month, two critical vulnerabilities found by ERPScan researcher Dmitry Chastukhin were closed.
The most critical issues
Some of our readers and clients asked us to single out the most critical issues so that they can patch them first. The most critical issues of this update are addressed by the following SAP Security Notes:
- 1860367: SAP CO-PA is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
- 1839699: SAP CA-MRS is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
Issues that were patched with the help of ERPScan
Here are the details of the issues that were found by ERPScan researchers.
- A missing authorization check vulnerability in the SAP DI_CMS application. The update is available in SAP Security Note 1831022. An authenticated user can use DI_CMS functions to which access should be restricted.
- A missing authorization check vulnerability in the SAP CM Services application. The update is available in SAP Security Note 1831053. An authenticated user can use CM Services functions to which access should be restricted.
It is highly recommended to patch all of these issues to prevent business risks. As is traditional, SAP has acknowledged the ERPScan security researchers for the vulnerabilities they found on its acknowledgement page.
Advisories for those issues with technical details are available at erpscan.com.
Exploits for the most critical issues are available in ERPScan Security Monitoring Suite.