SAP releases security updates fixing five critical vulnerabilities
Dark Lab on Mar 17 2023
Share:
On 14 March 2023, SAP released their monthly patch advisory, including five (5) critical vulnerabilities. Vulnerabilities in SAP products are widely exploited by malicious actors the potential to access critical infrastructure and highly sensitive data post-exploitation.
We recommend impacted users to apply the patches as soon as possible. While none of the aforementioned vulnerabilities have been observed to be actively exploited by malicious actors, we observe 10 historic SAP vulnerabilities listed on CISA’s Known Exploited Catalog. We advise reviewing publicly-exposed assets for the necessity of Internet-facing deployment and, if necessary, ensure that exposed SAP assets are protected by a reverse proxy in the demilitarised zone.
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
We recommend impacted users to apply the patches as soon as possible. While none of the aforementioned vulnerabilities have been observed to be actively exploited by malicious actors, we observe 10 historic SAP vulnerabilities listed on CISA’s Known Exploited Catalog. We advise reviewing publicly-exposed assets for the necessity of Internet-facing deployment and, if necessary, ensure that exposed SAP assets are protected by a reverse proxy in the demilitarised zone.
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10