Security News > 2021 > August > SAP Patches Nine Critical & High-Severity Bugs
"HotNews" is the severity rating that SAP gives to critical vulnerabilities.
Given the nine critical patches, Fritsch dubbed last month's light SAP Patch Tuesday the "Calm before the storm." In fact, he said, Tuesday's raft of patches have earned August the dubious honor of being "The most noteworthy SAP Patch Day this year" for customers, he wrote.
"The small group of SAP applications that are affected by a CVSS 9.9 vulnerability in 2021 is now extended with SAP Business One and SAP NetWeaver Development Infrastructure," Fritsch noted.
Word of caution to SAP Enterprise Portal customers in particular, he said, given the four patches released for the app, three of them rated high priority.
Enterprises will hopefully jump on the patches with utmost speed, given how fast SAP bugs are weaponized.
An April threat intelligence report from Onapsis and SAP found that critical SAP vulnerabilities are turned into exploits "In less than 72 hours of a patch release." It's even worse for new, unprotected SAP apps provisioned in cloud environments: They're being discovered and compromised in less than three hours, according to the alert.