SAP Urges Swift Application of Critical Security Updates for April 2023 to Avert Cyber Attacks

SAP, the world’s largest enterprise software vendor, has recently released its April 2023 security updates for a number of its products, including the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. Among the 24 notes released, there are two critical-severity vulnerabilities that have been addressed. One of these is an insufficient input validation and missing authentication issue affecting the OSCommand Bridge of SAP Diagnostics Agent, while the other is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management). The remaining 11 security flaws fixed in this update concern low to medium-severity vulnerabilities.

Given the prevalence of SAP products in large corporate networks and the interest of hackers in exploiting widely deployed software, it is crucial for system administrators to apply these security patches as soon as possible. SAP has over 425,000 customers in 180 countries, with more than 90% of the Forbes Global 2000 using its products. In the past, unpatched SAP systems have been targeted by threat actors to gain access to corporate networks, resulting in data theft, ransomware attacks, and disruption of mission-critical processes and operations. Hence, speedy patching is highly recommended to prevent such attacks.