This does not appear to be the same panic level as the previous patch. In other
words the previous openssl vuln was worse than the instability of all-night
patching. This one is not. Take time to roll out right.
On June 5, 2014 7:51:50 AM PDT, Jordan Urie wrote:
>Ladies and Gentlemen,
>
>https:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SEC Consult Vulnerability Lab Security Advisory < 20140606-0 >
===
title: Multiple critical vulnerabilities
product: WebTitan
vulnerable version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Onapsis Security Advisories:Multiple Hard-coded Usernames (CWE-798) have
been found and patched in a variety of SAP components.
Summaries of the advisories with links to full versions follow:
1. ONAPSIS-2014-011-SAP Project System Structures and Proje
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Onapsis Security Advisory 2014-020: SAP SLD Information Tampering
1. Impact on Business
=
By exploiting this vulnerability, a remote unauthenticated attacker
might be able to
modify technical information about the SAP
