SecurityWeek
SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA
SAP has released patches for a critical vulnerability impacting multiple enterprise applications, including NetWeaver and S/4HANA.
Cyber Security News
Critical SAP NetWeaver & CX Commerce Flaw Leads To Complete Takeover
Three vulnerabilities have been discovered in SAP Customer Experience (CX) commerce cloud and SAP Netweaver Application which were
SecurityWeek
SAP Patches High-Severity NetWeaver Vulnerabilities
SAP on Tuesday announced the release of ten new and two updated security notes as part of its June 2022 Security Patch Day.
SecurityWeek
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day, including for critical vulnerabilities.
Infosecurity News
SAP Patches Critical NetWeaver and ABAP Platform Vulnerabilities
SAP confirmed most of the vulnerabilities have now available fixes, and advised companies to update their systems as soon as possible.
Bleeping Computer
SAP fixes critical bugs in Business Client, Commerce, and NetWeaver
SAP's security updates for this month address multiple critical vulnerabilities. The most serious of them, rated with the highest severity score, affects the company's Business Client product.
Cyber Security News
Critical SAP Vulnerabilities Let Attackers Inject Code & Execute Commands
SAP provided security fixes for 19 vulnerabilities, five of which were classified as critical, affecting SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver.
SecurityWeek
SAP's December 2022 Security Updates Patch Critical Vulnerabilities
SAP this week announced its December 2022 security updates, which resolve critical vulnerabilities in Business Client, BusinessObjects, NetWeaver, and Commerce.
SecurityWeek
SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities
SAP announced fixes for multiple critical-severity vulnerabilities on January 2023 Security Patch Day.
Cyber Security News
SAP Security Update: 16 Flaws in Multiple SAP Products Addressed
SAP has released patches for 16 vulnerabilities with Critical, High, Medium, and Low severities. The CVSS scores for these vulnerabilities are between 3.7 (Low) to 9.8 (Critical) which contributes to 1 Critical, 6 High, 7 Medium, and 1 Low severity vulnerability. One of the vulnerability CVSS scores is yet to be confirmed.
SecurityWeek
SAP's First Patches of 2024 Resolve Critical Vulnerabilities
SAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell.
SecurityWeek
SAP Patches High-Severity Flaws in Business One, BusinessObjects, GRC
SAP has released eight new and five updated security notes as part of its September 2022 Security Patch Day.
SecurityWeek
SAP Patches Critical Vulnerability Exposing User, Business Data
SAP patches a critical code-injection vulnerability in the SAP ABA (Application Basis) cross-application component.
Bleeping Computer
SAP releases security updates fixing five critical vulnerabilities
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks.
SecurityWeek
SAP Releases 7 New Notes on October 2023 Patch Day
SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’.
SecurityWeek
SAP Patches Critical Vulnerability in Business One Product
SAP released a hotfix for a critical-severity improper access control vulnerability in Business One product installation.
Cyber Security News
SAP vulnerabilities Let Attacker Inject OS Commands—Patch Now!
SAP has released their updates for patch day of this month in which several vulnerabilities have been fixed and CVEs have been updated. The severity of the patched bugs varies from 4.5 (medium) to 10.0 (critical).
Cyber Security News
SAP Security Patch Addresses Privilege Escalation Flaw
Recently in a security note the German multinational software company, SAP released a security patch for the vulnerabilities.
Security Affairs
Critical flaw fixed in SAP Business One product
Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product.
SecurityWeek
SAP Patches Critical Vulnerability in ECC and S/4HANA Products
SAP on July 2023 Security Patch Day released 16 new security notes, including one addressing a critical vulnerability in ECC and S/4HANA
SecurityWeek
SAP Patches Critical Command Injection Vulnerabilities
Enterprise software maker SAP documents multiple critical-severity issues and warns of risk of command injection attacks.
SecurityWeek
SAP Patches Spring4Shell Vulnerability in More Products
As part of its May 2022 Security Patch Day, SAP has released eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products.
SecurityWeek
SAP Patches Critical Vulnerability in PowerDesigner Product
SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product.
SecurityWeek
SAP's April 2024 Updates Patch High-Severity Vulnerabilities
SAP releases 12 security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.
Cyber Security News
SAP Security Vulnerabilities Let Attackers Perform Code Injection
SAP has released its September security patches in which 13 vulnerabilities were related to Information Disclosure, Code Injection, Memory Corruption, and much more.
The Record
CISA and SAP warn about major vulnerability
German enterprise software maker SAP and the US Cybersecurity and Infrastructure Security Agency have issued security advisories on Tuesday to warn SAP customers to install the company's February security patches as soon as possible in order to prevent the exploitation of a major vulnerability in a ubiquitous SAP component.
SecurityWeek
SAP Vulnerability Exploited in Attacks After Details Disclosed at Hacker Conferences
CISA warns that one SAP vulnerability and two Microsoft product vulnerabilities patched earlier this year are being exploited in the wild.
CyberSecurity Dive
Critical SAP CVEs leave broad exposure, fixes require downtime
Thousands of systems remain vulnerable, including applications not connected to the public internet.
Cyber Security News
SAP Patches for XSS, Log Injection & Other Vulnerabilities
SAP has released the security patches for the Patch Day of October 2023 in which they have a release of new Security Notes and 2 updates.
ZDNet
This sneaky hacking group targets old Java applications to break into networks | ZDNet
Cybersecurity researchers warn about cyberattacks by 'Elephant Beetle' - which use over 80 tools and exploits legacy vulnerabilities to hide inside networks for months at a time.
SecurityWeek
SAP Patches Information Disclosure Vulnerabilities in BusinessObjects
SAP has announced the release of five new and two updated security notes as part of its August 2022 Security Patch Day.
Bleeping Computer
‘Elephant Beetle’ spends months in victim networks to divert transactions
A financially-motivated actor dubbed 'Elephant Beetle' is stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts.
CyberSecurity Dive
Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching
Onapsis security researchers warn attackers could take full control of systems to steal data, disrupt critical business functions and launch ransomware.
SecurityWeek
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5
SAP has released nine new security notes on its November 2022 Security Patch Day, including two notes addressing critical bugs in BusinessObjects and SAPUI5.
Bleeping Computer
SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
SecurityWeek
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
CISA warns admins to patch maximum severity SAP vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM).
The Hacker News
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
CISA has updated its Known Exploited Vulnerabilities Catalog with seven new vulnerabilities based on evidence of active exploitation.
SecurityWeek
Adobe Patches Critical Flaws in Reader, Acrobat
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
ThreatPost
‘Elephant Beetle’ Lurks for Months in Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
Security Affairs
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog
US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details […]
Security Affairs
Don’t trust links with known domains: BMW affected by redirect vulnerability
The Cybernews research team has discovered some BMW subdomains that were vulnerable to redirect vulnerability.
CSO
SAP users are at high risk as hackers exploit application vulnerabilities
Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations.
DarkReading
Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel
Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks.
CyberNews
Don’t trust links with known domains: BMW affected by redirect vulnerability
Cybernews researchers have discovered two BMW subdomains that were vulnerable to SAP redirect vulnerability.
Ars Technica
Bug-squashing summer: A month’s worth of 0-day fixes among tech giants
July saw two high-severity bugs in Firefox, while Oracle patched over 500 vulnerabilities.
Cyber Security News
Threat and Vulnerability Roundup For The Week Of 10th to September 16th
This week's Threat and Vulnerability Roundup from Cyber Writes brings you the most recent cybersecurity news.