Pierluigi Paganini
May 11, 2017
SAP issued the May 2017 Security Update that addresses 17 security Vulnerabilities. On Tuesday SAP released the May 2017 security update that addresses 17 vulnerabilities in its products, 9 of them were released on this Security Patch Day. “On 9th of May 2017, SAP Security Patch Day saw the release of 9 security notes. Additionally, there were […]
Pierluigi Paganini
April 13, 2017
SAP has issued a security patch for the SAP TREX search engine that addresses also a two-years old critical vulnerability. SAP has issued a security patch for the SAP TREX search engine that addresses multiple vulnerabilities discovered by the experts in a 2015 patch released in December 2015. The SAP TREX search engine is used […]
Pierluigi Paganini
December 12, 2016
A PricewaterhouseCoopers SAP software, the Automated Controls Evaluator (ACE), is affected by a critical security flaw that could be exploited by hackers. A software developed by PricewaterhouseCoopers for SAP systems, the Automated Controls Evaluator (ACE), is affected by a critical security flaw. The vulnerability was discovered by the security firm ESNC who analyzed the tool. The Automated Controls […]
Pierluigi Paganini
November 02, 2016
Experts from ERPScan revealed that a SAP flaw patched in September still impacts more than 900 SAP systems exposed to the Internet. An information disclosure vulnerability in SAP that was patched in September impacts more than 900 SAP systems that are exposed to the Internet. According to the expert Sergiu Popa from Quenta Solutions who reported the […]
Pierluigi Paganini
May 12, 2016
Security experts collected evidence that up to 36 global organizations have been hacked via exploits against an old flaw in SAP Business Applications A five-year-old flaw in SAP software is threatening business worldwide, at least 36 global organizations have been hacked via exploits used to trigger a vulnerability in SAP Business Applications. The flaw resides on […]
Pierluigi Paganini
March 11, 2016
An attacker who manages to get access to a user’s configuration file for SAP Download Manager might be able to obtain the stored proxy password. Are you a SAP user? Do you use the SAP Download Manager that allows downloading of software packages and support notes? You urgently need to update it in order to fix […]
Pierluigi Paganini
February 10, 2016
SAP fixed a vulnerability affecting SAP MII can be used as a starting point of multi-stage attacks aiming to get control over plant devices and manufacturing systems. SAP fixed a critical vulnerability in its application that could be exploited by hackers, especially nation-state actors, to compromise industrial manufacturing software. SAP issued a critical software update that […]
Pierluigi Paganini
June 20, 2015
Security experts at ERPScan discovered a serious security issue in SAP’s in-memory relational database management system, HANA. The SAP in-memory relational database management system, HANA, is affected by a serious security issue, the static encryption key is stored in the database. The fact that the encryption key is static means that every SAP HANA installation […]
Pierluigi Paganini
May 15, 2015
SAP products make use of a proprietary implementation of LZC and LZH compression algorithms that could be exploited by attackers in several ways. For the second time in a week, we are speaking about security vulnerabilities affecting SAP systems, recently I wrote about a study published by the Onapsis firm that revealed over 95% of SAP […]
Data Breach / September 29, 2025
