SAP Security News for September 2019 - Safe O'Clock

SAP Security News for September 2019

October 4, 2019

SAP Security Patch Day in September

SAP, a German software vendor, has over 425,000 customers in over 180 countries. Their products allow large and medium organizations to manage business processes. 

If you are an SAP customer, you know that every second Tuesday of the month, SAP issues patch releases. For September 2019, the set of security notes consists of 16 items. Each of them includes the fixed vulnerabilities discovered in different SAP products. 

SAP vulnerabilities like any vulnerabilities identified in other vendors’ product lines are assessed according to the CVSS standard, or the Common Vulnerability Scoring System. It communicates the technical characteristics and severity of software vulnerabilities and ranges from zero (least severe) to 10 (most severe). This framework shows the ease of exploit, potential impact, and priority – Hot News (10-9), High (8-7), Medium (6-4), and Low (3-0).

The highest CVSS base score of patch update for September 2019 is 9.1, referring to two OS Command Execution vulnerabilities both addressing SAP JAVA platform. 

Organizations running SAP have to secure data that SAP stores since attacks on their systems allow a cyber attacker to catch or change different business-critical information. 

So SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

Discussing how to manage today’s SAP risks

Today there are many cybersecurity tools that are more or less effective in protecting SAP systems. However, SAP clients should keep in mind that security risks are becoming increasingly serious and always stay alert. Protecting SAP applications is not the only focus business leaders usually expect from teams. They also want more in terms of “adding value across the wider risk management agenda”.

When Turnkey Consulting’s global management team met in Sydney, Australia, some of the biggest risk-related questions were considered facing SAP customers today. 

The discussions on security challenges with SAP implementations, cyber initiatives, security challenges presented by moving to SAP S/4 HANA, etc. are presented in the videos.

SAP Access Management

When it comes to access management, security professionals pay great attention to the application layers. At the same time, the infrastructure of these applications is often left aside while all the information stored in the program layer can be accessed via the infrastructure. To avoid any security failures on this level, there are numerous questions that should be considered in the first place.

To start with, define who can have access at the infrastructure level.  Who are the users that are allowed to access the infrastructure level and what part of their job role requires access?

It is preferable that the access is provided to the basis team, database administrators, backup administrators, and operating system administrators exclusively.

Then, all the users should be logging in with their own identifiable credentials as well. It is important to enable users’ logging functionality to track users’ actions.

Finally, there should be an emergency procedure planned in advance if some users perform inappropriate actions. Here, the response time predetermines the outcome of the critical situation and the impact on the system’s security overall.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – May 2024

On the 14th of May 2024, SAP Security Patch Day saw the release of 14 new Security Notes. There were […]

Read more
SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK