SAP Alerts Customers of Vulnerabilities in Cloud Products

SAP this week revealed that it is notifying customers of a series of security issues that it has identified in its cloud products.

The Germany-based enterprise software maker said it discovered that some of its cloud products “do not meet one or several contractually agreed or statutory IT security standards at present.”

Products affected by these issues, the company says, are Success Factors, Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, C4C/Sales Cloud, Cloud Platform, and Analytics Cloud.

“These findings were not identified in response to a security incident. As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues,” the company wrote in a Form 6-K filed with the United States Securities and Exchange Commission (SEC).

The multinational software corporation believes roughly 9% of its 440,000 customers are affected, and it has decided to inform and support the impacted customers individually.

SAP also said that it decided to update its security-related terms and conditions, to ensure that the affected products “meet relevant terms and conditions.”

Technical remediation for the identified issues is already underway, and the software maker expects the process to be completed in the second quarter of 2020.

“The expenses related to the remediation are expected to be covered within the range of SAP’s current 2020 financial outlook,” the company said.

The company did not provide technical details on the identified vulnerabilities, but such information might be released starting next week, on the May 2020 SAP Security Patch Day.

Related: SAP’s April 2020 Security Updates Patch Five Critical Vulnerabilities

Related: Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks

Related: SAP Releases 13 Security Notes on February 2020 Patch Day

Related: SAP Releases 6 Security Notes on January 2020 Patch Day