Security News
Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet and NetWeaver and ABAP Platform, which feature CVSS scores of 9.6 and 9.1, respectively. "An exploit of the vulnerability enables an attacker to perform tasks related to contact and interaction data," Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.
Alfresco Software announced the immediate availability of Alfresco Content Connector for SAP, a collaboration and integration tool that can connect up to 100 different SAP systems or content repositories to Alfresco Digital Business Platform or Alfresco Cloud, and enable users to share their SAP-stored, important information effortlessly. SAP certification provides Alfresco customers with fully-certified, native integration with line-of-business SAP applications and ensures that Alfresco Digital Business Platform or Alfresco Cloud can be used seamlessly with SAP ERP and SAP S/4 HANA on either traditional relational database management systems or the SAP HANA database.
AppDynamics announced SAP Peak, providing technologists with a new and comprehensive set of monitoring tools that connect the most critical components of SAP landscapes with real-time business context. SAP Peak gives enterprise companies deep visibility into their SAP environments and how they are driving business performance.
August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.
SAP this week announced the release of 15 new Security Notes as part of the August 2020 SAP Security Patch Day, including some that address serious vulnerabilities in NetWeaver. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to create and modify content and folders, as well as upload files.
We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April.
Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.
HPE announced plans to partner with SAP to deliver the customer edition of SAP HANA Enterprise Cloud with HPE GreenLake, as a fully managed service at the edge, in the customer's data center or colocation facility of their choice. HPE GreenLake's robust cloud services and compliance analytics tools will enable SAP to offer on-premise white-glove operations and application management services that SAP HANA Enterprise Cloud is known for at the customer's location of choice.
Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted. RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.
Critical flaw gives attackers control of vulnerable SAP business applicationsSAP has issued patches to fix a critical vulnerability that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker. Investigation highlights the dangers of using counterfeit Cisco switchesAn investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.