Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news.
The most important of the notes address critical missing authorization checks in Solution Manager.
Providing central management for SAP and non-SAP systems, Solution Manager requires the installation of Solution Manager Diagnostic Agent on each host.
The attacker could then exploit other vulnerabilities to potentially gain access to the full SAP landscape.
Because exploitation does not require any kind of privileges, the bug is considered critical severity, explains Onapsis, a firm that specializes in securing Oracle and SAP applications.