martes, 14 de octubre de 2014

Nota importante de Seguridad de SAP

Acabo de leerlo y os informo de que SAP ha lanzado una nota de seguridad importante, tras descubrir una vulnerabilidad en ciertas versiones de SAP Cryptographic Libraries utilizadas por SAP NetWeaver ABAP y aplicaciones SAP HANA, que podrían permitir un ataque contra las firmas digitales de los sistemas.

SAP proporciona el enlace a la nota de seguridad 2067859, que ofrece una solución a la vulnerabilidad mencionada. Además, recomienda como medida de seguridad adicional que se reemplacen las claves del sistema en todas las aplicaciones impactadas y, para llevar a cabo estas tareas, remite a la nota 2068693.
Os dejo la información completa que envía SAP para que los sistemas de tu empresa permanezcan seguros:

Dear customer, dear security contact,

SAP internal research has discovered a vulnerability in certain versions of SAP Cryptographic Libraries used by SAP NetWeaver ABAP and SAP HANA applications which might enable an attacker to spoof system digital signatures.
We have thoroughly investigated the deficiency. The Cryptographic Libraries of SAP Java applications are not affected by the deficiency. The issue impacts applications that use SAP NetWeaver ABAP or SAP HANA system generated digital signatures.
Security note 2067859 provides a solution to the SAP Cryptographic Library vulnerability in SAP ABAP and SAP HANA applications. As additional security measure SAP recommends that you replace the system keys on all impacted applications. For more information about performing these tasks please refer to SAP note 2068693.
For more detailed information we recommend to create a customer incident on component BC-SEC.
In light of heightened IT security threats, SAP is focusing on safeguarding the integrity and security of its customers’ business operations and information. We take the opportunity to remind you to increase the security of your SAP systems by installing the available security patches. For information on SAP's security notes and patches, please go to the SAP Security Notes page on the SAP Service Marketplace at
https://service.sap.com/securitynotes.
At the same time we would like to ask you to check whether the security contact that has been maintained for your company is still up-to-date. SAP addresses urgent security topics to the named security contacts in your company. By assigning the security contact authorization, users receive urgent system-security relevant information and updates per e-mail. Super administrators can change security contacts.
To check this assignment, please access the SAP Support Portal and navigate to the “Users & Authorizations” section. There you have the option to “List contact persons with important SAP Support functions”. The tab “Security” provides you with the list of users that have been maintained as primary security contacts for your enterprise. Initially, this role is assigned to those users in your company that have been assigned to the “Super Administrator” role.

Best Regards,

SAP SE


No hay comentarios:

Publicar un comentario