SAP has announced massive security updates, addressing several critical vulnerabilities across its enterprise software portfolio. The most urgent fixes target two zero-day flaws in SAP NetWeaver Visual Composer, which have already been exploited by attackers. The vulnerabilities allow unauthenticated attackers to remotely upload and execute malicious files on vulnerable SAP servers. These flaws could lead to full system compromise, data theft, and service disruption if left unpatched.
On May 13th, Patch Day, the company released 18 new security notes. These include patches for SAP’s key products, such as S/4HANA, Business Objects, and Live Auction Cockpit. The company rates some of these vulnerabilities as “Critical,” which indicates the highest level of security.
“Organizations running affected SAP products should prioritize these updates immediately,” SAP said in its advisory. “We have observed active exploitation attempts targeting these vulnerabilities in the wild.”
Furthermore, for customers who are still using the unsupported versions of SAP NetWeaver Java, SAP has provided workaround recommendations to help mitigate risk until systems can be upgraded or replaced.
All SAP customers are urged to review the official security notes and apply all relevant patches as soon as possible to protect against potential cyberattacks.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
