Security News
SAP announced that the Supervisory Board appointed Julia White and Scott Russell to the Executive Board. "We are very pleased to have both Julia and Scott join the Executive Board to help continue SAP's strategic direction," said Professor Hasso Plattner, chairman of the Supervisory Board of SAP SE. "We would also like to thank Adaire for her long-standing contribution to the company."
German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. The most important of these issues, which involve multiple vulnerabilities in SAP Business Warehouse, carry a CVSS score of 9.9.
Virtustream announced Data Slicing and Masking Services for SAP, helping customers automate, copy and secure data in non-production environments. Virtustream's new Data Slicing and Masking Services for SAP solve these challenges through a full, end-to-end software implementation that delivers flexible data extraction, copy reduction, and masking and scrambling capabilities.
SAP this week released eleven security notes as part of its December 2020 Security Patch Day, including four that were rated 'hot news'. Featuring a CVSS score of 10, the most important of the notes addresses a missing authentication check vulnerability in SAP NetWeaver AS JAVA. Identified by security researchers at Onapsis, a firm that specializes in securing Oracle and SAP applications, the issue could allow an unauthenticated attacker to perform privileged actions over a TCP connection.
For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.
Dynatrace announced its expanded partnership with SAP will help prepare the world's leading retailers for a successful Cyber Monday and beyond. "As a part of our digital transformation efforts, we needed to migrate our e-commerce to a more advanced platform. This required digital experience monitoring to understand precisely which improvements to prioritize and ensure everything performs as expected," said Christoferson Chua, B2B E-Commerce Lead Developer, at ASICS. "The combined power of Dynatrace digital experience monitoring and SAP Commerce Cloud helps us understand and pinpoint bottlenecks across our e-commerce integrations, enabling our teams to proactively drive innovation and optimizations to achieve a fast and responsive storefront. Ultimately, this allows us to strengthen our relationships with customers and partners, as well as our brand value."
SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S4/HANA, and NetWeaver products. One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.
IBM announced new services, partnerships and capabilities designed to help clients accelerate their hybrid cloud journeys and deploy and run SAP software workloads wherever they choose - from the IBM public cloud to on-premises. Global clients across industries are choosing to run their SAP software workloads on IBM Cloud, including Peruvian construction company Cementos Pacasmayo, Coca-Cola European Partners, the world's largest Coca-Cola bottler based on revenue, and Italian fashion footwear retailer Primadonna Collection.
The updates released by SAP for October 2020 comprise 15 Security Notes, one of which addresses a critical vulnerability. Featuring a CVSS score of 10, the critical flaw is an OS command injection vulnerability that affects CA Introscope Enterprise Manager version 10.7.0.304 or lower.
Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet and NetWeaver and ABAP Platform, which feature CVSS scores of 9.6 and 9.1, respectively. "An exploit of the vulnerability enables an attacker to perform tasks related to contact and interaction data," Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.