Number: AV17-045
Date: 13 April 2017
Purpose
The purpose of this advisory is to bring attention to recently published Security Notes by SAP.
Assessment
SAP has released 12 Security Notes as part of their April Security Patch Day designed to address multiple vulnerabilities in several SAP products as well as a Security Note 2419592 of Very High priority.
Vulnerabilities addressed in the April Security Patch Day Security Notes include: Remote Code Execution, Incorrect Authorization Checks, Cross Site Scripting, Missing Authorization Check, Missing XML Validation vulnerability , Information Disclosure in DBISQL affecting SAP SQL Anywhere and others.
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly.
References
https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/