A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport directory.
SAP transport system vulnerable to malicious interference
SAP software products are used by companies across the globe, with many providing critical infrastructure, food, energy, and medical supplies. The internal SAP development supply chain is used by customers to request additional functionality and in-house developments to the SAP standard, with changes provided via various staging systems of the respective SAP landscape with SAP transport requests. These requests should not be modified after they have been exported from the central transport directory and released.
More Stories
Smashing Security podcast #372: The fake deepfake, and Estate insecurity
Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage...
Cyber-Attack Disrupts Christie’s $840M Art Auctions
Despite this setback, the auction house said bids can still be placed by phone and in-person Read More
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware Read More
Why You Need a Personal VPN
It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet...
NCSC Expands Election Cybersecurity to Safeguard Candidates and Officials
The National Cyber Security Centre launches an opt-in Personal Internet Protection service to safeguard individuals from cyber threats during the...
How To Spot A Fake Facebook Account
How do you manage your Facebook friends? Do you keep your list really tight and only include ‘active’ pals? Or...