SAP released its monthly critical patch update for May 2013 which closes a lot of vulnerabilities in SAP products. This month, one critical vulnerability found by Georgy Nosenko, an ERPScan researcher, was closed.
The most critical issues
Our readers and clients asked us to categorize the most critical issues to patch them first. The most critical ones of this update can be patched by the following SAP Security Notes:
- 1820666: SAProuter has a critical vulnerability. It is recommended to install this SAP Security Note to prevent risks.
- 1791238: SAP Kernel is vulnerable to a very dangerous issue.
Issues that were patched with the help of ERPScan
Here are the details of the issues that were found by ERPScan researchers.
- A Remote Code Execution vulnerability in SAProuter application. The update is available in SAP Security Note 1820666. An attacker can use this vulnerability for a remote unauthorized execution of commands.
It is highly recommended to patch the issue to prevent business risks.
SAP traditionally published acknowledgments for the found vulnerabilities to security researchers from ERPScan on their acknowledgment page.
Advisories for those issues with technical details will be available in 3 months at erpscan.com.
Exploits for the most critical issues are available in ERPScan Security Monitoring Suite.