Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Summary
SAP has released security updates to fix two critical vulnerabilities in its enterprise software: a code injection flaw in the Quotation Management Insurance application and an insecure deserialization issue. These flaws could allow attackers to execute arbitrary code on affected systems.
IFF Assessment
FOE
The discovery and potential exploitation of critical vulnerabilities that allow for arbitrary code execution are bad news for defenders.
Severity
9.8 (Critical)
Defender Context
Defenders need to prioritize patching SAP systems affected by these critical vulnerabilities to prevent potential exploitation for arbitrary code execution. Organizations should maintain an inventory of their SAP assets and actively monitor for security advisories from vendors like SAP.