Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

SAP Security Notes - April 2017

Number: AV17-045
Date: 13 April 2017

Purpose

The purpose of this advisory is to bring attention to recently published Security Notes by SAP.

Assessment

SAP has released 12 Security Notes as part of their April Security Patch Day designed to address multiple vulnerabilities in several SAP products as well as a Security Note 2419592 of Very High priority.

Vulnerabilities addressed in the April Security Patch Day Security Notes include: Remote Code Execution, Incorrect Authorization AuthorizationAccess privileges granted to a user, program, or process. Checks, Cross Site Scripting, Missing Authorization Check, Missing XML Validation vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. , Information Disclosure in DBISQL affecting SAP SQL Anywhere and others.

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly.

References

https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/

Date modified: