SAP Security News for December 2019 - Updates, Security Lapse - Safe O'Clock

SAP Security News for December 2019 – Updates, Security Lapse

December 20, 2019

SAP Security Patch Day in December 2019

Every second Tuesday of the month, SAP issues patch releases. For December, the set of security notes consists of 13 items (7 security notes from SAP and 6 additional ones). Each note includes the fixed vulnerabilities discovered in different SAP products. 

The highest CVSS base score of patch update for December 2019 is 9.8, tagged as the Hot News priority. 12 out of 13 notes have received the medium priority rating.

Four updates out of 13 address to Missing authorization check vulnerabilities, the most common type of vulnerabilities this month as well as the previous one.  

As for platforms, SAP ABAP has six vulnerabilities, which is more than in other platforms in this set of security notes. 

Organizations running SAP have to secure data that SAP stores since attacks on their systems allow a cyber attacker to catch or change different business-critical information. 

So SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

SAP Security Lapse

The very beginning of December 2019 became notorious for the SAP security lapse. New Zealand’s firearms buy-back scheme has been central to a data breach caused by human error at SAP.

After a software update mistakenly assigned higher-level privileges to some users within New Zealand’s firearms buy-back notification database. An update on the website caused personal data exposure. Names, addresses, dates of birth, firearms license numbers and bank account details were accessible. 

SAP called this case “human error”. The error involved wrong security profiles assigned to gun dealers. 

Why is this important? This incident serves as a reminder to us all that we have to be particularly secure with people’s personal information.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK