This article is more than 1 year old

Flaws fixed in SAP's police and military software

Armed forces, cops and others get patched

Three of the 31 patches pushed out by SAP on Tuesday tackle flaws in the ERP giant’s technology for Defense Forces & Public Security.

In particular, SAP's Defense Forces & Public Security and SAP Mobile Defense & Security components are susceptible to a missing authorisation check vulnerability. “This issue potentially allows an attacker to read, modify or delete restricted data and is not usually considered critical,” Alexander Polyakov, CTO and co-founder at ERPScan, told El Reg. “However, the effect of even such a low-impact vulnerability could be devastating when it comes to armed forces.”

SAP for Defense Forces & Public Security is designed for armed forces, police, and aid organisations and offers ERP technology optimised to their particular needs. The software offers functions such as mapping organisational structures and material and personnel resource planning, accounting and funds management, materials management and more.

Other significant patches in SAP’s December batch include a fix for a directory traversal flaw in SAP UserAdmin Application and a patch for a potential remote code execution bug in SAP BI Platform.

Now that the December patch batch is out, yearly totals can be compiled. SAP released 315 patches throughout 2016, slightly fewer than in 2015. Cross-site scripting (XSS) remains the most common vulnerability type, ERPScan reports.

In response to a request for comment, SAP said it welcomed the input of researchers such as ERPScan.

SAP Product Security Response Team collaborates frequently with research companies like ERPScan to ensure a responsible disclosure of vulnerabilities. The vulnerabilities in question have been fixed by SAP and the patches have been made available for download on the SAP Service Marketplace. We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Service Marketplace immediately.

Tuesday also brought security updates from Microsoft, Apple and Adobe. ®

 
