SAP Security Notes May 2013 – Review
SAP has released the monthly critical patch update for May 2013. This patch update closes a lot of vulnerabilities in SAP products. This month, one critical vulnerability found by an ERPScan researchers (Georgy Nosenko) was closed.
The most critical issues
Some of our readers and clients asked us to categorize the most critical issues to patch them first. So, the most critical issues of this update can be patched by the following SAP Security Notes:
- 1820666: SAProuter has a critical vulnerability. It is recommended to install this SAP Security Note to prevent risks.
- 1791238: SAP Kernel is vulnerable to a very dangerous issue.
Issues that were patched with the help of ERPScan
Here are the details of the issues that were found by ERPScan researchers.
- Remote code execution vulnerability in SAProuter application. Update is available in SAP Security Note 1820666. An attacker can use the remote command execution vulnerability for remote unauthorized execution of commands.
It is highly recommended to patch the issue to prevent business risks.
SAP has traditionally sent acknowledgments for the found vulnerabilities to security researchers from ERPScan on their acknowledgment page.
Advisories for those issues with technical details will be available in 3 months at erpscan.com.
Exploits for the most critical issues are available in ERPScan Security Monitoring Suite.