Security News

SAP Commerce Critical Security Bug Allows RCE
2021-02-10 21:32

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. Drools is the engine that powers the rules engine in SAP Commerce.

Critical Vulnerability Patched in SAP Commerce Product
2021-02-10 14:18

SAP has released seven new security notes on its February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory.

Ivanti Velocity and Ivanti Speakeasy now optimized for SAP environments
2021-01-26 01:00

Ivanti Wavelink announced that Ivanti Velocity 2.1 and Ivanti Speakeasy 1.0 have achieved SAP certification as integrated with SAP S/4HANA and SAP NetWeaver. Adding SAP Extended Warehouse Management and the browser apps for the mobile internet transaction server component within SAP S/4HANA to its portfolio of supported solutions, Ivanti Wavelink brings a modern, mobile interface to SAP environments.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
2021-01-23 19:35

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager version 7.2.

SAP SolMan exploit released for max severity pre-auth flaw
2021-01-22 20:24

Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager component. SAP SolMan is an application lifecycle manager deployed in almost all SAP environments and designed to help unify the management of all SAP and non-SAP systems within a single interface.

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw
2021-01-21 04:52

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. Tracked as CVE-2020-6207 and featuring a CVSS score of 10, the security flaw is a missing authorization check in the EEM Manager component of SolMan, which could allow an unauthenticated, remote attacker to execute operating system commands on hosts, as the SMDAgent.

SAP appoints Julia White and Scott Russell to the Executive Board
2021-01-19 00:00

SAP announced that the Supervisory Board appointed Julia White and Scott Russell to the Executive Board. "We are very pleased to have both Julia and Scott join the Executive Board to help continue SAP's strategic direction," said Professor Hasso Plattner, chairman of the Supervisory Board of SAP SE. "We would also like to thank Adaire for her long-standing contribution to the company."

SAP Patches Serious Code Injection, DoS Vulnerabilities
2021-01-12 19:49

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. Dealing with multiple vulnerabilities in SAP Business Warehouse, the most important of these issues carry a CVSS score of 9.9.

Virtustream Data Slicing and Masking Services for SAP: Automating and simplifying operations
2020-12-11 00:30

Virtustream announced Data Slicing and Masking Services for SAP, helping customers automate, copy and secure data in non-production environments. Virtustream's new Data Slicing and Masking Services for SAP solve these challenges through a full, end-to-end software implementation that delivers flexible data extraction, copy reduction, and masking and scrambling capabilities.

SAP Releases Four 'Hot News' Notes on December 2020 Patch Day
2020-12-09 13:51

SAP this week released eleven security notes as part of its December 2020 Security Patch Day, including four that were rated 'hot news.' Featuring a CVSS score of 10, the most important of the notes addresses a missing authentication check vulnerability in SAP NetWeaver AS JAVA. Identified by security researchers at Onapsis, a firm that specializes in securing Oracle and SAP applications, the issue could allow an unauthenticated attacker to perform privileged actions over a TCP connection.