

SAP released monthly critical patch update for January 2011

This patch update closes 13 public vulnerabilities in SAP products. 3 of those vulnerabilities were found by DSecRG researchers Alexander Polyakov and Dmitriy Chastuhin. SAP traditionally sent acknowledgements for the vulnerabilities found to security researchers from DSecRG on its acknowledgement page.

The most critical one is a buffer overflow in the SAP Frontend application that can be exploited to gain unauthorized access to all workstations that use SAP Frontend (SAP GUI for Windows). This vulnerability has priority 1 according to SAP metrics. The others are cross-site scripting vulnerabilities in SAP NetWeaver.

It is highly recommended to patch all those issues to prevent business risks.

Solutions for those issues are available in SAP Notes: 1504547, 1443367, 1490335

Advisories for those issues with technical details will be available after 3 months on erpscan.com and also on the DSecRG.com site.
