Multiple Security vulnerabilities in SAP Cloud Connector

February 8, 2019 Posted by: Mark Mergaerts
vulnerability TECH Alert

EXPERTUM TECH ALERT - SAP has recently published note 2696233, which describes several security vulnerabilities in the SAP Cloud Connector. SAP Cloud connector connects between on-demand applications in SAP Cloud Platform and existing on-premise systems.

The note lists several vulnerabilities, including missing authentication for sensitive operations and the risk of code injection. The affected functions have been enhanced to do all the necessary authentication checks. Furthermore, the code injection is prevented by additional checks. The fixes are available as of SAP Cloud Connector 2.11.3.

You can download the fixed version from: https://tools.hana.ondemand.com/#cloud.

Upgrade your existing Cloud Connector installation with the downloaded version following the description provided in the SAP Help Portal at this link.

Any questions on this topic?

Contact us

 

Mark Mergaerts

Development Manager within Expertum Belgium