Three of the 31 SAP flaws in armed forces and cops software were fixed on Tuesday (December 13) in the ERP giant’s technology for Defense Forces & Public Security.
SAP’s Defense Forces and Public Security which is designed for armed forces, police, and aid organisations and SAP Mobile Defense and Security components are susceptible to missing authorisation check vulnerability which can allow an attacker to read, modify or delete data which is not usually critical but it’s important because it comes from armed forces.
SAP for Defense Forces & Public Security uses ERP technology which offers functions such as mapping organisational structures and material and personnel resource planning, accounting and funds management, materials management among others.
Other significant patches in SAP’s December batch include a fix for a directory traversal in flaw SAP User admin Application and a patch for a potential remote code execution bug in SAP business intelligence platform.
SAP released 315 patches throughout 2016, slightly less than in 2015. Cross-site scripting (XSS) remains the most common vulnerability type.