A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport directory.
SAP transport system vulnerable to malicious interference
SAP software products are used by companies across the globe, with many providing critical infrastructure, food, energy, and medical supplies. The internal SAP development supply chain is used by customers to request additional functionality and in-house developments to the SAP standard, with changes provided via various staging systems of the respective SAP landscape with SAP transport requests. These requests should not be modified after they have been exported from the central transport directory and released.
To read this article in full, please click here
More Stories
How Confidence Between Teams Impacts Cyber Incident Outcomes
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations...
New MedusaLocker Ransomware Variant Deployed by Threat Actor
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ” Read...
Sellafield Fined for Cybersecurity Failures at Nuclear Site
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility...
Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”
The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were...
CRI Releases Guidance on Avoiding Ransomware Payments
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments Read More
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations Read More