[VIM] SAP - 500+ security notes

security curmudgeon jericho at attrition.org
Mon Dec 20 02:16:25 CST 2010


14 December 2010, 20:40
Over 500 patches for SAP

On Tuesday, SAP, one of the largest manufacturers of business 
applications and enterprise software, released a huge number of so-called 
Security Notes. An e-mail sent to SAP customers speaks euphemistically of 
"a significant number of security notes"; it's rumoured there are 525 of 
these notes.

According to the email, the "volume of fixes" was due to the use of new 
tools and methods in the quality assurance process. The vulnerabilities 
range from directory traversal via cross-site scripting, to SQL injection. 
However, most of the patches can be added through a "technical upgrade" to 
the new product release "SAP Business Suite 7 Innovations 2010". This then 
leaves only a handful of patches to be added manually.

Details of the vulnerabilities and the patches have not been made public 
and are only available to customers with ID and password access to the 
Service Market Place on SAP sites.
