Security News > 2020 > March > Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
2020-03-11 18:06
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news.
The most important of the notes address critical missing authorization checks in Solution Manager.
Providing central management for SAP and non-SAP systems, Solution Manager requires the installation of Solution Manager Diagnostic Agent on each host.
The attacker could then exploit other vulnerabilities to potentially gain access to the full SAP landscape.
Due to exploitation not requiring any kind of privileges, the bug is considered critical severity, Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.
News URL
Related news
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Most critical vulnerabilities aren’t worth your attention (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)