SAP software admins should install the latest security updates quickly. Otherwise, malicious code attacks, among other things, could be imminent.
Three of the fourteen closed gaps are considered “critical“. They concern SAP Business One, NetWeaver Development Infrastructure and NZDT Row Count Reconciliation. It is currently not known what the attacks might look like in detail. The brief descriptions in the warning suggest that attackers could upload their own files and even execute their own commands on vulnerable systems.
Five further weaknesses are with “high“And six with”middle“Classified. After successful attacks, attackers could circumvent authorizations or carry out XSS attacks. This affects, for example, SAP BusinessObjects and Cloud Connector.