Thursday, March 28, 2019
Home / Security / Exploits / Seven Vulnerabilities Patched in SAP Products

Seven Vulnerabilities Patched in SAP Products

SAP (Systems, Applications & Products in Data Processing) widely used in enterprises across the world had seven exploits patched in three of it’s products today.  If the bugs were exploited, which weren’t revealed until the other day, it could expose those operating systems to specialized attacks, information disclosure and in some cases, total compromise over the impacted system.

The vulnerabilities, which all are remotely exploitable, impact the German software company’s database management system HANA, its enterprise software BusinessObjects and analytics software NetWeaver Business Warehouse.

Businesses mainly utilize the software to maintain everything enterprise: sales, finances, human resources, and so forth. Officials with Onapsis Research Labs who identified the vulnerabilities, warn the bugs could reveal tons of data, customer information, product pricing, fiscal reports, employee details and a slew of other information.

Numerous cross-site scripting vulnerabilities both in HANA and BusinessObjects were also discovered that might have allowed an attacker to impersonate a legitimate user and attack others within the system.

The majority of the bugs were found way back in January by Will Vandevanter and Nahuel D. Sanchez, two analysts at Onapsis, a Cambridge, Mass.-based company. In accordance with information published Wednesday on its Security Advisories page, a lot of the bugs were fixed in June but specifics regarding them weren’t published until recently.

If users haven’t done so by now, both SAP and Onapsis are encouraging users to patch the affected software ASAP to prevent what it’s calling ‘business risks.’

“I would urge all SAP HANA and SAP BusinessObjects users to check our advisories and the remedial steps we share to protect their company’s most important data,” Ezequiel Gutesman, Onapsis Manager of Research, mentioned Wednesday.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …