Security News

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers
2020-07-14 00:17

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in the NetWeaver Application Server Java platform, allowing an unauthenticated attacker to take control of SAP applications. "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency said in an advisory.

Critical Vulnerability Patched in SAP Commerce
2020-06-10 15:29

The most important of these patches are two Hot News Security Notes addressing critical vulnerabilities in SAP Liquidity Management for Banking and SAP Commerce. Also rated Hot News and featuring a CVSS score of 9.8 is a Security Note addressing hard-coded user credentials in SAP Commerce and SAP Commerce Data Hub.

Basis ActiveControl 8.3: On-demand delivery of SAP change through adoption of agile, DevOps and CI/CD
2020-06-10 00:30

Basis Technologies, creators of the most complete DevOps and test automation platform engineered specifically for SAP systems, announced the introduction of ActiveControl 8.3, the newest version of the company's innovative DevOps automation solution. This market-leading technology enables on-demand delivery of SAP change through the adoption of agile, DevOps and CI/CD. ActiveControl 8.3 helps companies with SAP systems to achieve greater business agility and faster delivery of innovation by enabling adoption of new development methods, improving the quality of SAP change, and increasing productivity through elimination of manual effort.

Censia Talent Intelligence Platform is now an SAP-Endorsed App, available on SAP App Center
2020-06-08 00:00

Censia announced that its Talent Intelligence Platform is now an SAP-Endorsed App, available for online purchase on SAP App Center. Censia's Talent Intelligence can find, evaluate, and rank talent inside and outside the company, in a matter of seconds, and delivers all talent in a single pipeline directly inside the customer's ATS. By using Censia, SAP customers can access the best state-of-the-art recruiting capabilities directly within SAP SuccessFactors.

Critical SAP ASE Flaws Allow Complete Control of Databases
2020-06-03 16:51

ASE is used by more than 30,000 organizations globally - including 90 percent of the top banks and security firms worldwide, according to SAP. Researchers disclosed six vulnerabilities that they discovered while conducting security tests for the latest version of the software, ASE 16. While SAP has released patches for both ASE 15.7 and 16.0 in its May 2020 update, researchers disclosed technical details of the flaws on Wednesday, saying "There is no question" that the patches should be applied immediately if they haven't been already.

Details of Serious SAP Adaptive Server Enterprise Vulnerabilities Disclosed
2020-06-03 15:03

Cybersecurity firm Trustwave on Wednesday disclosed the details of several vulnerabilities found by its researchers in SAP Adaptive Server Enterprise. SAP ASE is a relational database management system that is used by many major organizations, particularly in the financial sector.

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
2020-06-03 06:10

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.

Gurobi improves utilization of mathematical optimization within SAP’s software
2020-05-13 23:30

Gurobi Optimization announced that it has been selected by SAP SE as the premier, enterprise-wide supplier for mathematical optimization technology, and has entered into a long-term strategic partnership with SAP to enhance and expand the use of mathematical optimization across SAP's enterprise application software suite. As a result of the partnership, SAP and Gurobi will be able to more effectively collaborate on innovations that will improve the utilization of mathematical optimization within SAP's software.