Services Vulnerabilities Exploits Publications News Blog About DSecRG


SAP critical patch update july 2011

SAP released monthly critical patch update for july 2011. This patch update closes about 40 vulnerabilities in SAP products. 9 of those vulnerabilities were founded by different experts. Traditionnaly DSecRG researchers Dmitriy Chastuhin and Dmitriy Evdokimov who found 2 vulnerabilities are among them.

SAP traditionally sent acknowledgements for founded vulnerabilities to security researchers from DSecRG on their acknowledgement page.

Most critycal vulnerability are found in BAPI component and can be exploited to execute unwanted functions without authorization. Malicious user may use this to impersonate the user on the front-end system and access all information with the same rights as the target user.

It is highly recommended to patch all those issues to prevent business risks.

Solutions for those issues are available in SAP Notes: 546307, 1599550.

Advisories for those issues with technical details will be available in 3 months on erpscan.com and also on DSecRG.com site.



News RSS RSS
06.06.2012
Kuwaiti oil barons are worried about SAP security

01.06.2012
ERPScan educates German students

25.05.2012
ERPScan researchers guard Adobe

24.04.2012
ERPScan has released a new version of Security Scanner for SAP: ERPScan v2.0

News list


© 2002—2014, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail: research@dsecrg.com
Rss: Vulnerabilities, Exploits, News, Publications, Summary
Search