Software maker SAP announced on Tuesday (March 14) that it patched cybersecurity flaws on its HANA software product.
According to Reuters, the vulnerabilities addressed had the potential to allow hackers to have control over the databases and business applications utilized by large global firms. In many cases, cyberattacks on the software databases of these types of companies can be more lucrative for hackers.
The report confirmed that the “zero day” vulnerabilities discovered are considered to be the most critical ever found in HANA. Onapsis, the security company that identified the issues, said that the flaws were located in the “User Self Service” (USS) component of the software. From there, attackers could potentially compromise the system without even needing a username or password.
“There has not been one case where a customer who applied the recommended patches has been affected,” Siddhartha Rao, VP of product security response for SAP, said in reference to the six years he had been in his role. “We currently expect there will not be that many customers affected by these issues,” he added.
Onapsis brought the 10 HANA security vulnerabilities to SAP’s attention within the last couple of months, and executives at both companies said the software maker patched the issues in near-record time.
“SAP has done a great job by releasing fixes much faster than in past situations,” Onapsis CEO Mariano Nunez told Reuters.