SAP Security Notes - June 2016

Number: AV16-099
Date: 15 June 2016

Purpose

The purpose of this advisory is to bring attention to recently published Security Notes by SAP.

Assessment

SAP has released 13 Security Notes as part of their June Security Patch Day designed to address multiple vulnerabilities (including 1 critical, 3 high) in several SAP products. Two updates are also available relating to previously released Patch Day Security Notes. Vulnerabilities addressed in the June Security Patch Day Security Notes include: Cross Site Scripting, Missing Authorization AuthorizationAccess privileges granted to a user, program, or process. Check, Denial of Service, Information Disclosure, and Code Injection Code injectionIntroducing malicious code into a computer program by taking advantage of a flaw in the program, or in the way it interprets data input by users. .

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly.

References:

Date modified: