Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

March 2018 SAP Security Patch Day addresses decade-old vulnerabilities

SAP released March 2018 SAP Security Patch Day that addresses High and Medium priority vulnerabilities in its products, including three decade-old issues in SAP Internet Graphics Server. March 2018 SAP Security Patch Day includes 10 Security Notes, three rated High priority and 7 rated as Medium priority. The company also released 17 Support Package Notes, 11 […]

March 2018 SAP Security Patch Day addresses decade-old vulnerabilities

SAP released March 2018 SAP Security Patch Day that addresses High and Medium priority vulnerabilities in its products, including three decade-old issues in SAP Internet Graphics Server.

March 2018 SAP Security Patch Day includes 10 Security Notes, three rated High priority and 7 rated as Medium priority.

The company also released 17 Support Package Notes, 11 of the Notes were released after the second Tuesday of the last month and before the second Tuesday of this month.

SAP has released the monthly critical patch update for March 2018. This patch update closes 27 SAP Security Notes (10 SAP Security Patch Day Notes and 17 Support Package Notes). 4 of all the patches are updates to previously released Security Notes. reads the analysis published by security firm ERPScan.

“11 of all the notes were released after the second Tuesday of the previous month and before the second Tuesday of this month.

6 of the released SAP Security Notes received a High priority rating, two was assessed at Low, and 19 fixes were rated medium.”

Of all 27 SAP Security Notes, 6 have a High priority rating and 19 are rated Medium priority. 4 of all the patches are updates to previously released Security Notes.

March 2018 SAP Security Patch Day

The most common vulnerability type continues to be Missing authorization check since January 2018.

The most severe of the Security Notes addresses three decade-old vulnerabilities in SAP Internet Graphics Server (IGS) and received a CVSS Base Score: 8.8 with a High priority rating.

The flaws include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remote code execution)  and impact third-party open source libraries that handle images (libtiff, giflib and libpng).

“The most dangerous vulnerabilities of this update can be patched with the following SAP Security Notes:

2538829: SAP Internet Graphics Server (IGS) has an Security vulnerabilities (CVSS Base Score: 8.8 Memory corruption – CVE-2004-1308, DoS CVE-2005-2974, RCE CVE-2005-3350). Depending on the vulnerability, attackers can exploit a Denial of service vulnerability for terminating a process of vulnerable component. Nobody can use this service. This fact has a negative influence on business processes and business reputation as result. Install this SAP Security Note to prevent the risks.” continues the analysis. 

The ERPScan’s researcher Mathieu Gel helped SAP in identifying a critical Information Disclosure vulnerability in SAP BPA BY REDWOOD (CVSS Base Score: 7.5 CVE-2018-2400).

The flaw could be exploited by an attacker to reveal additional information (e.g. system data, debugging information, etc.) that aids in learning about a system and planning more severe attacks.

March 2018 SAP Security Patch Day also addressed a High-risk information disclosure flaws in SAP HANA capture & replay trace file (CVE-2018-2402 – CVSS Base Score: 7.6).

Further details are available in the analysis published by ERPScan.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – SAP, March 2018 SAP Security Patch Day)

[adrotate banner=”5″]

[adrotate banner=”13″]