The Channel logo


By | Darren Pauli 10th August 2016 07:16

SAP whacks application cracks, shutters baker's dozen of potential hacks

Keeps details behind closed customer-only doors

SAP has issued a baker's dozen of high, medium, and low-severity patches.

The fixes cover four denial of service vulnerabilities, two sets of directory traversal and missing authorisation holes, a cross-site scripting and a SQL Injection flaw, and four miscellaneous security shortcomings.

SAP does not include any detail about what flaws its patches address on its public site.

The company also updated 13 security flaws patched last month.

The security severity of recent SAP patches.

A troop of 11 unpaid security researchers were responsible for reporting this month's 13 flaws.

Notable among those are the trio of Daria Prosochkina, Mathieu Geli, and Vahagn Vardanyan, from prolific research security outfit ERPScan.

The company has reported critical vulnerabilities in SAP assets, large portions of which were thanks to user configuration errors. ®

Update: SAP has been in touch with an official statement: "Security patches are available for download on the SAP Service Marketplace. We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Service Marketplace immediately."

comment icon Read 1 comment on this article or post a comment alert Send corrections


Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral


STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'