Get in Touch

Please get in touch using the form below.

SAP July 2023 security update

Home / Threat Intelligence bulletins / SAP July 2023 security update

Target Industry

Energy sector.

Overview

SAP has disclosed a critical-level vulnerability, as part of its July 2023 security update, which contains a total of 18 patches. Tracked as CVE-2023-36922 (CVSSv3 score: 9.1), it pertains to an operating system (OS) command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL).

A full list of the disclosed security flaws can be found within the SAP Advisory.

Impact

Successful exploitation of CVE-2023-36922 allows an authenticated threat actor to inject arbitrary OS commands into an at-risk deployment.

Vulnerability Detection

Security patches for these vulnerabilities have been released by SAP. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

SAP ECC and SAP S/4HANA (IS-OIL), versions: 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807.

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected products apply the relevant security patches as soon as possible. The patches can be found within the SAP Support Portal.

Indicators of Compromise

No specific Indicators of Compromise (IoC) are available currently.

Threat Landscape

SAP is the largest Enterprise Resource Planning (ERP) vendor in the world, occupying a significant portion of the total market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, SAP products have become a prime target. More than 90% of the Forbes Global 2000 organisations use the SAP product range and they are therefore an integral aspect of business operations. As such, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration:

CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

An Intelligence Terminology Yardstick to showing the likelihood of events