Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

SAP Security Notes April 2015 – Review

SAP has released the monthly critical patch update for April 2015. This patch update closes a lot of vulnerabilities in SAP products. Most of them are potential information disclosure vulnerabilities.

The most critical SAP Security vulnerabilities closed by SAP Security Notes April 2015

Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. Companies providing SAP Security Assessment, SAP Vulnerability Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes:

2067830: SAP Web Dynpro Java has an Implementation Flaw (CVSS Base Score: 5.8). An attacker can upload a malicious file to a system when the virus scanner is not configured correctly. It is recommended to install this SAP Security Note to prevent risks.

2094830: SAP Sybase Unwired Platform Online Data Proxy has an Information Disclosure vulnerablity (CVSS Base Score: 4.7). An attacker can use Information Disclosure to learn additional information (system data, debugging information, etc.) which will help them plan other attacks. It is recommended to install this SAP Security Note to prevent risks.

2084037: SAP NetWeaver RFC SDK has an Information Disclosure vulnerability (CVSS Base Score: 4.3). An attacker can use Information Disclosure to learn additional information (system data, debugging information, etc.) which will help them plan other attacks. It is recommended to install this SAP Security Note to prevent risks.

SAP has traditionally issued acknowledgments to the security researchers on their website. Checks for the issues are already available in ERPScan Security Monitoring Suite.