SAP has published security fixes for 19 vulnerabilities, five of which are classified as critical, which means administrators should deploy them as quickly as possible to eliminate the related risks.
Several products are affected by the defects repaired this month, however, the critical severity bugs affect SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver.
SAP is the world’s largest ERP vendor, accounting for 24% of the worldwide market with 425,000 clients in 180 countries. Its ERP, SCM, PLM, and CRM systems are used by more than 90% of the Forbes Global 2000.
The US Cybersecurity and Infrastructure Security Agency (CISA) recommended administrators in February 2022 patch a collection of significant vulnerabilities affecting SAP business apps in order to prevent data theft, ransomware attacks, and interruption of mission-essential processes and operations. Threat actors were seen in April 2021 using resolved holes in unpatched SAP systems to obtain access to business networks.