SAP Cyber Threat Intelligence report – March 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats.

Key takeaways

  • The set of SAP Security Notes consists of 27 patches and the majority of them rated medium.
  • Missing authorization check remains the most common vulnerability type in 2018 since January.

SAP Security Notes – March 2018

SAP has released the monthly critical patch update for March 2018. This patch update closes 27 SAP Security Notes (10 SAP Security Patch Day Notes and 17 Support Package Notes). 4 of all the patches are updates to previously released Security Notes.

11 of all the notes were released after the second Tuesday of the previous month and before the second Tuesday of this month.

6 of the released SAP Security Notes received a High priority rating, two was assessed at Low, and 19 fixes were rated medium.

SAP Security Notes Distribution by Priority (October 2017–March 2018)

The most common vulnerability type is Missing authorization check, and it remains the same since January 2018.

SAP Security Notes Distribution by Vulnerability Types – March 2018

SAP users are recommended to implement security patches as they are released as it helps protect the SAP landscape.

Issues that were patched with the help of ERPScan

This month, one critical vulnerability identified by ERPScan’s researcher Mathieu Geli was closed. The details are below.

It is an Information Disclosure vulnerability in SAP BPA BY REDWOOD (CVSS Base Score: 7.5 CVE-2018-2400). The update is available in SAP Security Note 2596535. An attacker can use it to reveal additional information (e.g. system data, debugging information, etc.) that aids in learning about a system and planning more severe attacks.

Critical issues closed by SAP Security Notes in March

The most dangerous vulnerabilities of this update can be patched with the following SAP Security Notes:

  • 2538829: SAP Internet Graphics Server (IGS) has an Security vulnerabilities (CVSS Base Score: 8.8 Memory corruptionCVE-2004-1308, DoS CVE-2005-2974, RCE CVE-2005-3350). Depending on the vulnerability, attackers can exploit a Denial of service vulnerability for terminating a process of vulnerable component. Nobody can use this service. This fact has a negative influence on business processes and business reputation as result. Install this SAP Security Note to prevent the risks.
  • 2587369: SAP HANA capture & replay trace file has an information disclosure vulnerability (CVSS Base Score: 7.6 CVE-2018-2402). An attacker can use an Information disclosure vulnerability to learn about a system and to plan other attacks. Install this SAP Security Note to prevent the risks.
  • 2580967: SAP Business Client has a Information Disclosure vulnerability (CVSS Base Score: 6.7 CVE-2018-2398). An attacker can use an Information disclosure vulnerability for revealing additional information about a system and to plot other attacks. Install this SAP Security Note to prevent the risks.

Advisories for these SAP vulnerabilities with technical details will be available in three months on Exploits for the most critical vulnerabilities are already available in ERPScan Security Monitoring Suite.

Do you want more?

Subscribe me to your mailing list