Unveiling the following events:
In a move to safeguard its customers' digital assets, SAP has released a high-priority security patch to address a critical vulnerability in its Business Technology Platform (BTP) Security Services Integration Libraries.
The vulnerability, identified as SAP Security Note #3411067, has a CVSS score of 9.1, making it a significant threat. This issue could potentially allow an unauthenticated attacker to navigate to arbitrary URLs, including application deep links on a victim's mobile Android device. This could result in an increase of AS ABAP response time and, under certain conditions, grant access to restricted and confidential information.
Furthermore, the system's confidentiality and availability can also be impacted since the vulnerability allows attackers to create Layout configurations of the ABAP List Viewer.
The December Patch Day saw the release of seventeen new and updated SAP Security Notes, including four HotNews Notes and four High Priority Notes. Among these, SAP Security Note #3385711 describes an Information Disclosure vulnerability in SAP GUI for Windows and SAP GUI for Java, with a CVSS score of 7.3.
Jürgen Adolf, a SAP Product Expert, has emphasized the importance of proactive measures to maintain the integrity of SAP BTP environments. He underscored that even using a cloud solution does not prevent customers from establishing their own security and patch processes.
The security vulnerability in SAP BTP Security Services Integration Libraries, fixed by HotNews Note #3411067, was released by SAP to mitigate these risks and ensure the continued security of its customers' digital environments. It is strongly recommended that all SAP BTP users apply this patch as soon as possible to protect their systems.
