SAP issues patches for critical bugs

US DHS warns exploits could halt all operations.

SAP has published patches for a number of critical vulnerabilities in Internet Connection Manager (ICM) and other products.

CISA, part of the US Department of Homeland Security, has published a summary of the importance of the patches.

CISA warned that impacts of the vulnerabilities could range from data theft to a “halt of all operations”.

There was also a separate advisory published by security research firm Onapsis.

SAP’s February Patch Day announcement details eight vulnerabilities with CVSS scores of 10, making them the most critical to patch. 

While technical details of the vulnerabilities are yet to be published, the products affected by the most critical vulnerabilities are SAP Web Dispatcher, Content Server, NetWeaver and ABAP Platform, Commerce, Data Intelligence, Dynamic Authorisation Management, Internet of Things Edge Platform, Customer Checkout, and Business Client.

Onapsis, which worked with SAP on three of the vulnerabilities (CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533), noted that the ICM is “one of the most important components of an SAP NetWeaver application server,” which is “present in most SAP products”.

These vulnerabilities, Onapsis said, “enable attackers to execute serious malicious activities on SAP users, business information, and processes”.

Onapsis has published a free assessment tool for customers to see if their systems are affected by the CVE-2022-22536 vulnerability.

Copyright © iTnews.com.au . All rights reserved.