It seems like every time I open up my RSS feed lately, I’m greeted with a large number of blog posts on yet another exploit being discovered.  Off the top of my head, the big ones that come to mind are Heartbleed, POODLE, FREAK – I could go on but I’m sure you’re all too aware of these.

When these vulnerabilities are announced, my team will get a number of customers raising incidents with questions related to these types of vulnerabilities and the impact on their SAP BusinessObjects BI system.

These types of incidents are usually quite different than vulnerabilities identified as a result of a formal penetration test or a security scan.  I will go over the process on how to effectively raise an issue with SAP Support to deal with any vulnerabilities you may have uncovered in a future blog.  For now I would like to draw attention to the following Knowledge Base Articles (KBAs)* that have been the most popular in 2014 and 2015 so far (in no particular order):

POODLE

HeartBleed & OpenSSL

VGX.DLL

Other

I’d love to hear from you!  My aim is to bring clarity and transparency around security issues and how they impact the BI platform.  If you have any suggestions on what kind of content you’d like to see or questions on this topic, please leave a comment below or send me a direct message through SCN.

*Please note that these KBAs are available to our customers only, and a valid account is required.  Please contact your SAP Super-Admin for access or contact our GSCI team.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Stephen Hookings

    Hi Jennifer – great information/work – by informing our customers you can reduce the number of incidents. Please don’t forget to pass on info to help in our internal SAP White Hat hacking initiative – or come join in the virtual team! We want to improve our automated scanners to detect a wider range of potential issues long before they make it into the field.

    (0) 

Leave a Reply