SAP Security Notes

Read our latest SAP security bulletins to patch vulnerabilities in your SAP systems

SAP Security Notes, April 2017

Note 2419592 includes further corrections for a code injection vulnerability in TREX that was originally patched by SAP through Note 2234226 in February 2016. The vulnerability impacts the TREXNet protocol used for internal communications by TREX components and servers. TREXNet communication does not require any authentication. Therefore, the protocol can be abused to execute dangerous …
Read this Advisory

SAP Security Notes, March 2017

Note 2424173 deals with vulnerabilities in SAP HANA that were the subject of media attention in March. This includes coverage from the television news channel MSNBC. The vulnerabilities impact areas such as User Self Service Tools that support account-related tasks including password resets and self-registration through a web interface. The Note carries a CVSS of …
Read this Advisory

SAP Security Notes, February 2017

Note 2410061 patches a dangerous Distributed Denial of Service (DDoS) vulnerability in the Data Orchestration Engine (DOE) Administration Portal. The DOE is used to access the SAP NetWeaver Mobile Administrator to manage and monitor mobile system landscapes. This includes connecting mobile clients, deploying agents and packages to mobile devices, managing single sign-on, and other tasks. …
Read this Advisory

SAP Security Notes, January 2017

Note 2407862 deals with a highly dangerous buffer overflow vulnerability in Sybase Software Asset Management (SySAM) that scores almost 10/10 using the Common Vulnerability Scoring System.  SySAM performs license management for products such as ASE, ESP, PowerDesigner and the Replication Server. The vulnerability arises from the Flexera Flexnet Publisher software bundled in SySAM. The third …
Read this Advisory

We are proud to work with some of the World’s most renowned brands.