The Top 5 Security Notes you should apply to Patch your SAP systems

SAP released 33 patches in the month of April, of which 5 were considered critical. Below are the critical Security Notes that should be applied:

• SAP Notes 1647225 and 1675432 which address missing authorization checks in components of Business Objects Data Services (EIM-DS) and the SAP Classification System (CA-CL).
• SAP Note 1651004 is designed to protect the UME from cross-frame scripting (XFS) attacks that could be used to the steal the logon credentials of SAP users.
• SAP Note 1652803 which fixes a Denial of Service (DoS) vulnerability in certain versions of Apache Tomcat bundled with Business Objects Enterprise
• SAP Note 1657200 which is designed to patch a flaw in an SAP component responsible for managing payment cards, and the injection vulnerability patched by 1638596.

Read more about the SAP Security Notes Advisory and the possible identified issues in this Layerseven Security article.

Author - Raghu Boddu

Raghu Boddu is a SAP Certified Technology Professional (Security), Comptia Security+ , ITIL V3 Foundation, and PRINCE2 Certified. He is an SAP Security/GRC solution architect with rich expertise in implementation & redesigning of Security in SAP. He is also a master in SAP Forensic Security. He is a regular blogger on topics like Security, Governance & Compliance, Application Security, Technology and other trending topics. He is well known to the community with his easy to understand articles.

• View all posts by Raghu Boddu →
• Blog
• Facebook