Security News > 2020 > March > Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
2020-03-11 18:06
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news.
The most important of the notes address critical missing authorization checks in Solution Manager.
Providing central management for SAP and non-SAP systems, Solution Manager requires the installation of Solution Manager Diagnostic Agent on each host.
The attacker could then exploit other vulnerabilities to potentially gain access to the full SAP landscape.
Due to exploitation not requiring any kind of privileges, the bug is considered critical severity, Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.
News URL
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)