SAP has released the monthly critical patch update for December 2015. This patch update closes 26 vulnerabilities in SAP products (19 Patch Day Security Notes and 7 Support Package Security Notes), 16 of which are high priority. This month, two critical vulnerabilities found by ERPScan researchers Alexander Polyakov, Mathieu Geli and Vahagn Vardanyan were closed.
According to SAP’s blog post, the largest share of the vulnerabilities closed by this update falls under the “other” type. This is quite typical for business applications such as SAP. Because of their uniqueness and complexity, they have many more uncommon vulnerabilities than traditional software, where, as our research Analysis of 3000 SAP Security notes revealed, configuration issues constitute only 2%. Last year we analyzed SAP Security Notes by type: about 300 of almost 3000 vulnerabilities were classified as configuration issues and about 150 were uncategorized. Configuration and other unusual issues in SAP are 5 times more common than in traditional products, so a significant part of cybersecurity measures falls on the shoulders of administrators.
The bring your own device (BYOD) trend is changing the way IT is managed, delivered, and, most importantly, secured. BYOD encourages a company’s employees to work on the devices they prefer. Modern organizations and enterprises may therefore either supply their employees with multi-function mobile devices or allow staff to bring their own handhelds of different types. BYOD sometimes includes specific concepts such as bring your own computer (BYOC), bring your own laptop (BYOL), bring your own apps (BYOA), and bring your own PC (BYOPC).
August 19, 2015 / News, Press Release
Palo Alto, CA – August 19, 2015. An advisory describing a critical buffer overflow vulnerability in the SAP Afaria MDM server that can disable access to corporate systems for millions of mobile users was published today on ERPScan’s website.
ERPScan, the most respected and credible Business Application Security company providing solutions to assess and secure SAP and Oracle ERP systems, today published details of the vulnerability in the SAP Afaria MDM solution. This vulnerability, as well as other critical issues in SAP Afaria, was planned to be presented at the BlackHat APAC security conference in March, but ERPScan withdrew the presentation because of responsible disclosure rules.
SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products; 15 have high priority, and some of them belong to the SAP HANA security area. The most common vulnerability type is Cross Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin, Vahagn Vardanyan, and Roman Bezhan were closed.
SAP has released the monthly critical patch update for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most common vulnerability is Missing Authorization Check. This month, three critical vulnerabilities found by ERPScan researchers Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.
Mobile devices are actively integrated into business processes. Companies have more and more business applications and mobile devices. Employees increasingly bring their own equipment to the workplace (BYOD policy – Bring Your Own Device) and gain access to critical corporate information.
SAP Mobile Platform (or SMP, formerly called Sybase Unwired Platform, or SUP) is an MEAP (Mobile Enterprise Application Platform) solution. SMP is used for monitoring and controlling applications that are installed on mobile phones and have access to business data. The main goal of SMP is to provide business data to mobile devices with enterprise cybersecurity. The platform’s capabilities allow users to work with data from SAP business applications through mobile applications, both online and offline. This data can be accessed from all modern mobile devices: end users work on Android, Blackberry, iPhone / iPad and Windows / Windows Mobile devices. Installed client applications connect to SMP. These programs can be found on Play Market, Apple Store, or Windows Store.