Technology Blogs by SAP

It seems like every time I open up my RSS feed lately, I'm greeted with a large number of blog posts on yet another exploit being discovered.  Off the top of my head, the big ones that come to mind are Heartbleed, POODLE, FREAK - I could go on but I'm sure you're all too aware of these.

When these vulnerabilities are announced, my team will get a number of customers raising incidents with questions related to these types of vulnerabilities and the impact on their SAP BusinessObjects BI system.

These types of incidents are usually quite different from vulnerabilities identified as a result of a formal penetration test or a security scan.  In a future blog, I will go over how to effectively raise an issue with SAP Support to deal with any vulnerabilities you may have uncovered.  For now I would like to draw attention to the following Knowledge Base Articles (KBAs)* that have been the most popular in 2014 and 2015 so far (in no particular order):

POODLE

HeartBleed & OpenSSL

VGX.DLL

Other

I'd love to hear from you!  My aim is to bring clarity and transparency around security issues and how they impact the BI platform.  If you have any suggestions on what kind of content you'd like to see or questions on this topic, please leave a comment below or send me a direct message through SCN.

*Please note that these KBAs are available to our customers only, and a valid account is required.  Please contact your SAP Super-Admin for access or contact our GSCI team.
