Friday, September 2, 2016

SAP issues 26 patches to fix denial of service and SQL injection flaws | Computing

"Critical patch update fixes a total of 30 flaws in SAP’s ERP software - SAP has issued a series of 13 patches to fix security flaws exposing customers to the risk of denial of service attacks, cross-site scripting flaws and even a SQL injection flaw.
On top of that, SAP has also updated patches for 13 security flaws that were supposed to have been fixed in last month's SAP patch consignment. 
Other fixed flaws include two directory traversal vulnerabilities and two missing authorization check security flaws. According to ERPScan, which specializes in analyzing ERP software for security flaws, 14 of the released SAP Security Notes have a ‘high priority’ rating and one has what it calls a ‘Hot News’ rating. It claims that 559 SAP servers worldwide are at risk of the denial of service vulnerability, with a cluster of vulnerable servers located in London and Ireland. Most, however, are located in India, the US or China."