
SAP critical patch update September 2011

SAP released its monthly critical patch update for September 2011. This patch update closes about 70 vulnerabilities in SAP products. 17 of those vulnerabilities were found by different experts. As is traditional, DSecRG researchers Alexander Polyakov, Alexey Tuyrin and Evgeniy Neyolov, who found 3 vulnerabilities, are among them.

SAP traditionally sent acknowledgements for the vulnerabilities found to security researchers from DSecRG on its acknowledgement page.

A detailed list of the corrected vulnerabilities is below:

The most critical vulnerability is a bypass of authentication and authorization mechanisms in one of the web applications. The update is available in SAP Note 1567389. Criticality according to CVSS is 6.4.

XSS vulnerability. The update is available in SAP Note 1591749. Criticality according to CVSS is 4.3.

SMBRelay vulnerability in one of the reports. The update is available in SAP Note 1591146. Criticality according to CVSS is 3.4.

It is highly recommended to patch all of these issues to prevent business risks.

Solutions for these issues are available in SAP Notes 1567389, 1591749 and 1591146.

Advisories for those issues with technical details will be available in 3 months on and also on site.


© 2002—2014, ERPScan