SAP has released the monthly critical patch update for October 2013. This patch update closes many vulnerabilities in SAP products. This month, one critical vulnerability found by ERPScan researcher Alexander Polyakov was closed.
The most critical issues
Some of our readers and clients asked us to categorize the most critical issues so that they can be patched first. The most critical issues of this update are addressed by the following SAP Security Notes:
- 1902854: SAP BC-DB-MSS is vulnerable to a very critical issue. It is recommended to install this SAP Security Note to prevent risks.
- 1868140: SAP BASIS is vulnerable to another critical issue. It is recommended to install this SAP Security Note to prevent risks.
Issues that were patched with the help of ERPScan
Here are the details of the issues that were found by ERPScan researchers.
The detailed list of corrected vulnerabilities is below:
- An Information Disclosure vulnerability in SAP NetWeaver. An update is available in SAP Security Note 1854826. An attacker can discover information related to NetWeaver browser sessions (cookies) that is used to identify and authenticate the user.
It is highly recommended to patch all of these issues to prevent business risks. SAP has sent the traditional acknowledgements for the vulnerabilities found to security researchers from ERPScan on its acknowledgement page.
Advisories for those issues are available at erpscan.com.
Checks for the described issues are already available in ERPScan Security Monitoring Suite.