Monday, February 10, 2025
HomeCVE/vulnerabilitySAP to Address Security Issues With Some Cloud Products and to Notify...

SAP to Address Security Issues With Some Cloud Products and to Notify 440,000 Customers

Published on

SIEM as a Service

Follow Us on Google News

SAP(Systems Applications and Products) announced on Monday that they are to patch security issues with some of their cloud-based products.

The bugs are identified as a part of the internal cybersecurity audit and the company already started working on it.

SAP Security Issues

SAP said that some of it is “cloud products do not meet one or several contractually agreed or statutory IT security standards” and they started to fix them.

Following are the products affected;

SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ; as well as SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud.

SAAP confirms that the vulnerabilities are not identified as a part of a security incident and no customer data has been compromised.

“To ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with market peers,” reads the advisory.

SAP said they started fixing the bugs with affected products to meet the IT security standards at present and the bug fixes will largely be completed in the second quarter of 2020.

SAP SE executive board has decided to “inform and support the affected customers individually – approximately 9 percent of SAP’s 440,000 customers.”

SAP has more than 75,000 customers in 120 countries and has 140,000 installations worldwide.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Tor Browser 14.0.6 Released, What’s New!

The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the...

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...

Microsoft Sysinternals 0-Day Vulnerability Enables DLL Injection Attacks on Windows

A critical zero-day vulnerability has been discovered in Microsoft Sysinternals tools, posing a serious security threat...

7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability...