SAP Security Notes April 2015 – Review

SAP released its monthly critical patch update for April 2015 which closes a lot of vulnerabilities in SAP products. Most of them are Information Disclosure vulnerabilities.

The most critical SAP Security vulnerabilities closed by SAP Security Notes April 2015

Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. The companies that provide SAP Security Assessment, SAP Vulnerability Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes:

2067830: SAP Web Dynpro Java has an Implementation Flaw (CVSS Base Score: 5.8). An attacker can upload a malicious file to a system when the virus scanner is not configured correctly. It is recommended to install this SAP Security Note to prevent risks.

2094830: SAP Sybase Unwired Platform Online Data Proxy has an Information Disclosure vulnerablity (CVSS Base Score: 4.7). An attacker can use Information Disclosure to learn the additional information (system data, debugging information, etc.) which will help them plan other attacks. It is recommended to install this SAP Security Note to prevent risks.

2084037: SAP NetWeaver RFC SDK has an Information Disclosure vulnerability (CVSS Base Score: 4.3). An attacker can use Information Disclosure to learn additional information (system data, debugging information, etc.) which will help them plan further attacks. It is recommended to install this SAP Security Note to prevent risks.

SAP traditionally published acknowledgments to the security researchers on their website. Checks for the issues are already available in ERPScan Security Monitoring Suite.

Do you want more?

Subscribe me to your mailing list