
Analyzing the SAP June 2018 Security Patch Day


SAP's June 2018 Security Patch Day addresses two security notes; the company also fixed five issues for previously released notes, including two critical flaws rated Hot News.

The most common flaw types are Cross-Site Scripting and Remote Command Execution, followed by implementation flaws and information disclosure.

“It seems that the downward trend in the number of monthly notes is continuing. This month, a total of 14 security notes has been released, with only seven notes published today. Seven notes in total (50%) are tagged as High Priority or Hot News.” reads the post published by Onapsis.

The two Hot News Security Notes received CVSS scores of 9.8 and 9.1, respectively; they affect SAP Business Client (version 6.5) and SAP BASIS (versions 7.31, 7.40, 7.50, 7.51, 7.65, 7.66).

The first is an update to a Security Note released on the April 2018 Patch Day and addresses third-party web browser controls delivered with SAP Business Client, while the latter is an update to a Note released on the November 2016 Patch Day that addresses an OS command injection vulnerability in the Report for Terminology Export component.

SAP June 2018 Security Patch Day also addresses four High severity vulnerabilities and four Medium risk flaws.

“On 12th of June 2018, SAP Security Patch Day saw the release of 5 Security Notes. Additionally, there were 5 updates to previously released security notes.” states SAP’s advisory.

The most severe high-risk flaw is an information disclosure vulnerability, tracked as CVE-2018-2425, that affects SAP Business One. The flaw resides in the backup service of the Business One version for SAP HANA and could be exploited by an attacker to access restricted information.

“[CVE-2018-2425] Information Disclosure in SAP Business One for SAP HANA Backup Service (#2588475): Business One is SAP’s more lightweight ERP system designed for small to medium-sized businesses. The vulnerability discussed in the note exists in the Business One version for SAP HANA, more specifically in its backup service.” continues the analysis published by Onapsis.

“The note does not contain many details, but mentions the vulnerability allows an attacker to access information which would otherwise be restricted. It does seem the sensitive information exists in the backup service logs. The fix implies updating your Business One component software.” 


The SAP June 2018 Security Patch Day also addresses a remote command execution flaw tracked as CVE-2015-0899 that affects SAP Internet Sales and a DoS issue tracked as CVE-2014-0050 that also affects SAP Internet Sales.

SAP also addressed the CVE-2018-2408 flaw described as an improper session management bug in SAP Business Objects.


Pierluigi Paganini

(Security Affairs – SAP June 2018 Security Patch Day, Security)
