[VIM] SAP - 500+ security notes
jericho at attrition.org
Mon Dec 20 02:16:25 CST 2010
14 December 2010, 20:40
Over 500 patches for SAP
On Tuesday, SAP . one of the largest manufacturers of business
applications and enterprise software . released a huge number of so-called
Security Notes. An e-mail sent to SAP customers speaks euphemistically of
"a significant number of security notes", it's rumoured there are 525 of
According to the email, the "volume of fixes" was due to the use of new
tools and methods in the quality assurance process. The vulnerabilities
range from directory traversal via cross-site scripting, to SQL injection.
However, most of the patches can be added through a "technical upgrade" to
the new product release "SAP Business Suite 7 Innovations 2010". This then
leaves only a handful of patches to be added manually.
Details of the vulnerabilities and the patches have not been made public
and are only available to customers with ID and password access to the
Service Market Place on SAP sites.
More information about the VIM