SAP Security News for December 2019 - Safe O'Clock

SAP Security News for December 2019

December 20, 2019

SAP Security Patch Day in December 2019

Every second Tuesday of the month, SAP issues patch releases. For December, the set of security notes consists of 13 items (7 security notes from SAP and 6 additional ones). Each note includes the fixed vulnerabilities discovered in different SAP products. 

The highest CVSS base score of patch update for December 2019 is 9.8, tagged as the Hot News priority. 12 out of 13 notes have received the medium priority rating.

Four updates out of 13 address to Missing authorization check vulnerabilities, the most common type of vulnerabilities this month as well as the previous one.  

As for platforms, SAP ABAP has six vulnerabilities, which is more than in other platforms in this set of security notes. 

Organizations running SAP have to secure data that SAP stores since attacks on their systems allow a cyber attacker to catch or change different business-critical information. 

So SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

SAP Security Lapse

The very beginning of December 2019 became notorious for the SAP security lapse. New Zealand’s firearms buy-back scheme has been central to a data breach caused by human error at SAP.

After a software update mistakenly assigned higher-level privileges to some users within New Zealand’s firearms buy-back notification database. An update on the website caused personal data exposure. Names, addresses, dates of birth, firearms license numbers and bank account details were accessible. 

SAP called this case “human error”. The error involved wrong security profiles assigned to gun dealers. 

Why is this important? This incident serves as a reminder to us all that we have to be particularly secure with people’s personal information.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – February 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 13 new Security Notes. There were […]

Read more
SAP Security Notes – January 2024

On the 9th of January 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP Security Notes – December 2023

On the 12th of December 2023, SAP Security Patch Day saw the release of 15 new Security Notes. There were […]

Read more
SAP Security Notes – November 2023

On the 14th of November 2023, SAP Security Patch Day saw the release of 3 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK