Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

SAP Alerts Customers of Vulnerabilities in Cloud Products

SAP this week revealed that it is notifying customers of a series of security issues that it has identified in its cloud products.

The Germany-based enterprise software maker said it discovered that some of its cloud products “do not meet one or several contractually agreed or statutory IT security standards at present.”

SAP this week revealed that it is notifying customers of a series of security issues that it has identified in its cloud products.

The Germany-based enterprise software maker said it discovered that some of its cloud products “do not meet one or several contractually agreed or statutory IT security standards at present.”

Products affected by these issues, the company says, are Success Factors, Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, C4C/Sales Cloud, Cloud Platform, and Analytics Cloud.

“These findings were not identified in response to a security incident. As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues,” the company wrote in a Form 6-K filed with the United States Securities and Exchange Commission (SEC).

The multinational software corporation believes roughly 9% of its 440,000 customers are affected, and it has decided to inform and support the impacted customers individually.

SAP also said that it decided to update its security-related terms and conditions, to ensure that the affected products “meet relevant terms and conditions.”

Technical remediation for the identified issues is already underway, and the software maker expects the process to be completed in the second quarter of 2020.

“The expenses related to the remediation are expected to be covered within the range of SAP’s current 2020 financial outlook,” the company said.

The company did not provide technical details on the identified vulnerabilities, but such information might be released starting next week, on the May 2020 SAP Security Patch Day.

Related: SAP’s April 2020 Security Updates Patch Five Critical Vulnerabilities

Related: Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks

Related: SAP Releases 13 Security Notes on February 2020 Patch Day

Related: SAP Releases 6 Security Notes on January 2020 Patch Day

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.