By Darren Pauli, 10th August 2016 07:16

SAP whacks application cracks, shutters baker's dozen of potential hacks

Keeps details behind closed customer-only doors

SAP has issued a baker's dozen of high, medium, and low-severity patches.

The fixes cover four denial of service vulnerabilities, two sets of directory traversal and missing authorisation holes, a cross-site scripting and a SQL Injection flaw, and four miscellaneous security shortcomings.

SAP does not include any detail about what flaws its patches address on its public site.

The company also updated 13 security flaws patched last month.

The security severity of recent SAP patches.

A troop of 11 unpaid security researchers were responsible for reporting this month's 13 flaws.

Notable among those are the trio of Daria Prosochkina, Mathieu Geli, and Vahagn Vardanyan, from prolific security research outfit ERPScan.

The company has reported critical vulnerabilities in SAP assets, large portions of which were thanks to user configuration errors. ®

Update: SAP has been in touch with an official statement: "Security patches are available for download on the SAP Service Marketplace. We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Service Marketplace immediately."
