On its Aug. 12 “Security Patch Day,” SAP released 19 security notes — four of which were previously released — and three were patches to critical 9.9 bugs found on its SAP S/4 HANA ERP system.

S/4 HANA is SAP’s flagship ERP platform, widely deployed across Fortune 500 companies and critical industries, including manufacturing, finance, healthcare, and defense.

“The interconnected nature of these systems means that if attackers gain access to one vulnerable instance, they can potentially pivot to adjacent systems through trusted remote function call (RFC) connections or reuse of credentials,” said Jonathan Stross, SAP Security Analyst at Pathlock. “This makes prompt patching absolutely essential.”

J Stephen Kowski, Field CTO at SlashNext Email Security, added that successful exploitation of S/4HANA can “absolutely” drive lateral movement. “Once code runs in SAP’s ABAP programming language with elevated privileges, attackers can pivot via RFCs, job scheduling, connected middleware, and identity integrations to reach other systems,” he said.

Here's a rundown from Pathlock's Stross on the three 9.9 critical patches, which he said teams should patch immediately.
SAP patches three critical 9.9 S/4 HANA bugs