Supply Chain Assaults Possible Due to Critical SAP Bug

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

SAP security solutions vendor SecurityBridge warns that a critical bug recently addressed in SAP NetWeaver AS ABAP and ABAP Platform might be exploited to launch supply chain assaults. 

The critical bug, identified as CVE-2021-38178 with a CVSS score of 9.1, was fixed on SAP Patch Day in October 2021. SecurityBridge researchers described the vulnerability as an improper authorization issue that allows threat actors to tamper with transport requests, thereby evading quality gates and moving code artifacts into production systems.

A typical SAP production system sits at the end of a line of systems made up of SAP instances used for development, testing, and sometimes integration. All instances often share a single transport directory, where the files needed to deploy changes from development to production are kept.

Transport requests are used to distribute modifications throughout the SAP system line, and once exported, these requests are thought to be unmodifiable. As a result, each new modification would necessitate a new request. However, SecurityBridge uncovered that standard SAP deployments include a program that

[…]
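The following is an added example, not code from the original article, SAP, or SecurityBridge. It sketches a defender-side check for the assumption described above, that an exported transport request no longer changes: hash the shared transport directory at export time and compare again before import. The `cofiles/` and `data/` layout and the file names are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(transport_dir):
    """Map each file under the transport directory to its SHA-256 digest."""
    root = Path(transport_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def changes_since_export(baseline, current):
    """Compare the export-time snapshot with the state seen just before import."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "removed": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def demo():
    """Constructed scenario: a request file changes after export, before import."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files; names and layout are assumptions for illustration.
        for rel, body in {"cofiles/K900001.DEV": b"control v1",
                          "data/R900001.DEV": b"reviewed objects"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        baseline = snapshot(root)  # taken when the request is exported
        (root / "data/R900001.DEV").write_bytes(b"unreviewed objects")
        (root / "data/R900002.DEV").write_bytes(b"unexpected file")
        return changes_since_export(baseline, snapshot(root))  # taken before import


if __name__ == "__main__":
    report = demo()
    for kind, files in report.items():
        print(kind, files)
    # An import gate would stop when "modified" or "removed" is non-empty and
    # would require every "added" file to match a newly recorded export.
```

The baseline is only useful if it is stored somewhere the systems that write to the shared transport directory cannot modify.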