More SAP vulnerabilities patched as usual and with a higher security risk.
Last Tuesday was that day of the month when SAP released its monthly SAP Security patches again (Patch Tuesday). We don't usually write about the specific details each month, as our customers are used to retrieving the new checks via a Support Package and using them to scan for these new vulnerabilities, but this month is a bit different in both the number of vulnerabilities and their risk.
SAP released 17 SAP Security notes, which is higher than normal, including a total of 6 HotNews Security notes.
Half of them are related to Log4j, for which SAP is still continuously working on fixes and updates. But one note in particular, SAP Security note 3123396, needs a bit more attention.
This SAP Security note deals with a vulnerability in the Internet Communication Manager (ICM), which is part of the core of many SAP components, such as SAP NetWeaver AS ABAP and SAP NetWeaver AS Java, but also components like the SAP Content Server and the SAP Web Dispatcher. This makes the attack surface across SAP components very large. Combined with the fact that attacks can take place without any form of authentication, customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible, especially on SAP systems that are internet-facing.
The good news is that, to date, no public exploits or proofs of concept for this vulnerability have been found on the internet. However, organisations operating SAP systems are still urged to patch this vulnerability as soon as possible. Patching is done by replacing kernel executables, which in general requires downtime. See SAP Security note 3123396 for more information.
For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn!
Try out Protect4S for 1 month for free or request a demo!