Number: AV17-124
Date: 10 August 2017
Purpose
The purpose of this advisory is to bring attention to recently published Security Notes by SAP.
Assessment
SAP has released 16 Security Notes as part of their August Security Patch Day designed to address multiple vulnerabilities in several SAP products.
Products Affected:
- Point of Sale (POS) Retail Xpress Server
- NetWeaver AS Java Web Container
- Visual Composer 04s iviews
- BusinessObjects
- NetWeaver Java Server
- Sybase
- CRM WebClient User Interface
- CRM IPC Pricing
- CRM WebClient UI
- NetWeaver Business Client for HTML
- SRM Live Auction Application
- Adobe Document Services
- Web Intelligence
- NetWeaver
- NetWeaver Logon Application
- NetWeaver K.M. Web Page Composer
- ABAP Workbench
SAP Security Note References: 2486657, 2376081, 2381071, 2499109, 2494184, 2450979, 2481262, 2425744, 2417020, 2493099, 2392719, 2428512, 2453642, 2423540, 2394536, 2463354.
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly.
References
https://blogs.sap.com/2017/08/08/sap-security-patch-day-august-2017/