Göttingen - 4/10/17
How to fix the security vulnerabilities in SAP GUI 7.20 through 7.50
The Heise online service recently published a warning of security vulnerabilities in SAP systems that have not been patched. A vulnerability with a CVSS rating of 8.0 in the SAP GUIs of version 7.20 through 7.50 makes it possible to introduce malicious ABAP code. SAP users should fix this vulnerability promptly by installing the current SAP GUI version 7.40 SP12 or 7.50.
Failing to promptly install the patches released on SAP Security Patch Day in March of 2017 or to upgrade the SAP GUI version 7.40 SP12 or 7.50 makes it possible for attackers to introduce malicious ABAP code into the system by circumventing the security policies. This gives attackers access to business data each time the SAP GUI is called up. In the worst case, they can shut down operations with ransomware. SAP reassuringly reports that there are no indications of this vulnerability being exploited so far. Nevertheless, the company recommends fixing the vulnerability as soon as possible.
Please only use a current SAP GUI version 7.40 SP12 or 7.50 on your clients. Just give us a call if you need assistance. We will gladly assist you!