SAP Security News for October 2019 - Safe O'Clock

October 9, 2019

SAP Security Patch Day in October

On the second Tuesday of every month, SAP issues patch releases. For October, the set of security notes consists of 10 items (3 of them are additional ones), which is fewer than in the previous month. Each note covers fixes for vulnerabilities discovered in different SAP products.

The highest CVSS (Common Vulnerability Scoring System) base score in this patch update is 9.1, which is rated Hot News by priority. This fix addresses an Information Disclosure vulnerability that allows an attacker to disclose sensitive information.

Three of the 10 updates relate to cross-site scripting vulnerabilities, which enable attackers to inject malicious scripts into web pages, bypass access controls, and learn business-critical information. Three other notes concern missing authorization checks, which can allow access to a service without any authorization procedure and can be used to launch other attacks.

The SAP Java platform has more vulnerabilities than other platforms in October's set of security notes: four security notes refer to Java.

Organizations running SAP have to secure the data that SAP stores, since attacks on their systems allow business-critical information to be captured or changed.

Therefore, the vendor recommends that customers visit the SAP Support Portal and apply the patches to protect their landscape.

About SAP ERP Data Breaches

Over the past decade, we have seen an increase in data breaches almost every year, and some made headline news for several months. You may ask: what about SAP ERP security, which is so critical for your business operations?

In 2019 some studies were conducted. They show that most organizations have had an ERP breach in the last 2 years. The compromised information includes sales data, HR data, intellectual property, and financial data.

This cannot but raise concerns, particularly about the possibility of insider trading and further fraudulent actions.

What are the most common S/4HANA security and remediation challenges?

SAP S/4HANA is an integrated ERP system that runs on the in-memory database SAP HANA.

All SAP customers can be broadly divided into three groups: those who go straight to S/4HANA, having not previously run SAP; companies opting for migration; and those redesigning business processes and implementing the new platform from scratch.

The security issues of all these organizations are almost the same. Four of them are worth considering:

  1. Critical access and SoD (segregation of duties) risks of SAP standard roles
  2. Business process redesigns resulting in changes to role designs
  3. Lack of tools to identify S/4HANA access risks and SoDs
  4. Limited knowledge or expertise to recommend appropriate role designs or controls

Ensuring the environment is secured is paramount in order to avoid costly remediation at a later point.
