German multinational SAP is the world’s third-largest software firm, supplying companies all over the world with enterprise solutions. In its latest patch release, SAP has fixed a number of holes in its business management software – notably in its widely used CRM application. While the majority of the flaws were relatively unthreatening, three nasties fell into the ‘high severity’ category.
These three vulnerabilities involved code injection in Visual Composer 04s iViews, cross-site AJAX requests in SAP BusinessObjects and directory traversal in SAP NetWeaver AS Java Web Container.
With all nineteen holes now successfully plugged, SAP is advising its customers to download its new security patches without delay. Any software is only ever as secure as its newest updated version – we feel like that should be printed and stuck on people’s desks.