Security News

For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.

Dynatrace announced its expanded partnership with SAP will help prepare the world's leading retailers for a successful Cyber Monday and beyond. "As a part of our digital transformation efforts, we needed to migrate our e-commerce to a more advanced platform. This required digital experience monitoring to understand precisely which improvements to prioritize and ensure everything performs as expected," said Christoferson Chua, B2B E-Commerce Lead Developer, at ASICS. "The combined power of Dynatrace digital experience monitoring and SAP Commerce Cloud helps us understand and pinpoint bottlenecks across our e-commerce integrations, enabling our teams to proactively drive innovation and optimizations to achieve a fast and responsive storefront. Ultimately, this allows us to strengthen our relationships with customers and partners, as well as our brand value."

SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S4/HANA, and NetWeaver products. One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.

IBM announced new services, partnerships and capabilities designed to help clients accelerate their hybrid cloud journeys and deploy and run SAP software workloads wherever they choose - from the IBM public cloud to on-premises. Global clients across industries are choosing to run their SAP software workloads on IBM Cloud, including Peruvian construction company Cementos Pacasmayo, Coca-Cola European Partners, the world's largest Coca-Cola bottler based on revenue, and Italian fashion footwear retailer Primadonna Collection.

The updates released by SAP for October 2020 include 15 Security Notes, including one that addresses a critical vulnerability. Featuring a CVSS score of 10, the critical flaw is an OS command injection vulnerability that affects CA Introscope Enterprise Manager version 10.7.0.304 or lower.

Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet and NetWeaver and ABAP Platform, which feature CVSS scores of 9.6 and 9.1, respectively. "An exploit of the vulnerability enables an attacker to perform tasks related to contact and interaction data," Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.

Alfresco Software announced the immediate availability of Alfresco Content Connector for SAP, a collaboration and integration tool that can connect up to 100 different SAP systems or content repositories to Alfresco Digital Business Platform or Alfresco Cloud, and enable users to share their SAP-stored, important information effortlessly. SAP certification provides Alfresco customers with fully-certified, native integration with line-of-business SAP applications and ensures that Alfresco Digital Business Platform or Alfresco Cloud can be used seamlessly with SAP ERP and SAP S/4 HANA on either traditional relational database management systems or the SAP HANA database.

AppDynamics announced SAP Peak, providing technologists with a new and comprehensive set of monitoring tools that connect the most critical components of SAP landscapes with real-time business context. SAP Peak gives enterprise companies deep visibility into their SAP environments and how they are driving business performance.

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.

SAP this week announced the release of 15 new Security Notes as part of the August 2020 SAP Security Patch Day, including some that address serious vulnerabilities in NetWeaver. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to create and modify content and folders, as well as upload files.