Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news.
The most important of the notes address critical missing authorization checks in Solution Manager.
Providing central management for SAP and non-SAP systems, Solution Manager requires the installation of Solution Manager Diagnostic Agent on each host.
The attacker could then exploit other vulnerabilities to potentially gain access to the full SAP landscape.
Because exploitation does not require any kind of privileges, the bug is considered critical severity, explains Onapsis, a firm that specializes in securing Oracle and SAP applications.