Patch/Configuration Management, Vulnerability Management

Firm finds ‘high risk’ bugs in SAP BusinessObjects software

Security firm Onapsis released security advisories for “high risk” vulnerabilities impacting SAP BusinessObjects Edge 4.0.

Customers should immediately employ patches for the three vulnerabilities in the enterprise software, which could allow a remote, unauthenticated attacker to access and delete auditing information on the remote system, as well as access and overwrite sensitive business data, and retrieve sensitive business data stored on the remote system, an Onapsis release said.

The bugs could be leveraged to “gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting,” Onapsis explained.

Two “medium risk” issues were also patched by Onapsis – one affecting SAP BusinessObjects Edge 4.0, which could allow unauthorized audit information access via CORBA, and multiple reflected cross-site scripting vulnerabilities in the SAP HANA XS Administrational Tool.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.