

SAP Critical Patch Update June 2011

SAP has released its monthly critical patch update for June 2011. This update closes about 40 vulnerabilities in SAP products. 10 of those vulnerabilities were found by different experts. As usual, DSecRG researcher Dmitriy Chastuhin, who found 2 vulnerabilities, is among them.

SAP traditionally acknowledges security researchers from DSecRG for the vulnerabilities they find on its acknowledgement page.

Both vulnerabilities have a medium security level (5.0 and 4.3 by CVSS). The vulnerabilities were found in the SAP NetWeaver J2EE Engine and can give an attacker access to a user's session.

It is highly recommended to patch all those issues to prevent business risks.

Solutions for those issues are available in SAP Notes: 1545883, 1562292.

Advisories for those issues with technical details will be available in 3 months on erpscan.com and also on the DSecRG.com site.

We have also published details about vulnerabilities that were closed 3 months ago, in March 2011:


DSECRG-11-023
DSECRG-11-024
DSECRG-11-025
DSECRG-11-026



© 2002—2014, ERPScan
For quoting or using materials from this site
link is obligatory