Security News

Alfresco Software announced the immediate availability of Alfresco Content Connector for SAP, a collaboration and integration tool that can connect up to 100 different SAP systems or content repositories to Alfresco Digital Business Platform or Alfresco Cloud, and enable users to share their SAP-stored, important information effortlessly. SAP certification provides Alfresco customers with fully-certified, native integration with line-of-business SAP applications and ensures that Alfresco Digital Business Platform or Alfresco Cloud can be used seamlessly with SAP ERP and SAP S/4 HANA on either traditional relational database management systems or the SAP HANA database.

AppDynamics announced SAP Peak, providing technologists with a new and comprehensive set of monitoring tools that connect the most critical components of SAP landscapes with real-time business context. SAP Peak gives enterprise companies deep visibility into their SAP environments and how they are driving business performance.

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.

SAP this week announced the release of 15 new Security Notes as part of the August 2020 SAP Security Patch Day, including some that address serious vulnerabilities in NetWeaver. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to create and modify content and folders, as well as upload files.

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April.

Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.

HPE announced plans to partner with SAP to deliver the customer edition of SAP HANA Enterprise Cloud with HPE GreenLake, as a fully managed service at the edge, in the customer's data center or colocation facility of their choice. HPE GreenLake's robust cloud services and compliance analytics tools will enable SAP to offer on-premise white-glove operations and application management services that SAP HANA Enterprise Cloud is known for at the customer's location of choice.

Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted. RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.

Critical flaw gives attackers control of vulnerable SAP business applicationsSAP has issued patches to fix a critical vulnerability that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker. Investigation highlights the dangers of using counterfeit Cisco switchesAn investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.

Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just as a researcher released a proof-of-concept exploit. Onapsis, a company specializing in the protection of business-critical applications, revealed on Tuesday that many SAP products that use the NetWeaver AS Java technology stack could be exposed to remote attacks due to a critical vulnerability tracked as CVE-2020-6287 and dubbed RECON. A remote and unauthenticated attacker who has access to the targeted system can exploit CVE-2020-6287 to create a new SAP admin user, allowing them to gain full control of the system.