Article Details

SAP fixes critical vulnerabilities in NetWeaver application servers. SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape,” reads the company's security bulletin. The four most severe security problem SAP addressed this month are summarized as follows: Impact and recommendations SAP products serve large enterprises across industries such as manufacturing, finance, retail, healthcare, and government, fulfilling critical roles for managing business operations and customer relations. SAP NetWeaver is a core platform for running ABAP applications and enabling secure communication via the Internet Communication Framework. It’s typically used by IT administrators, developers, and consultants in enterprises managing ERP systems for finance, HR, and supply chain. SAP BusinessObjects is a platform for reporting, analytics, and data visualization used by analysts, decision-makers, and IT teams to derive insights and support strategic decisions. Hackers in the past have targeted SAP products that had not been updated to address known vulnerabilities or were improperly configured, leaving networks exposed to breaches. The German vendor strongly recommends that customers apply the latest patches available to protect their SAP environment.