• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – REvil ransomware version 2.2
May 6, 2020
Rewterz Threat Advisory – Cisco Firepower Threat Defense Software Multiple Security Updates
May 7, 2020

Rewterz Threat Advisory – Security Issues in SAP’s Cloud-Based Products

May 7, 2020

Severity

Medium

Description

SAP SE (NYSE: SAP) continuously reviews and optimizes its cybersecurity infrastructure. The company has identified that some of its cloud products do not meet one or several contractually agreed or statutory IT security standards at present. Specifically, the affected products are limited to the acquired entity products SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ; as well as SAP C4C/Sales Cloud, SAP Cloud Platform and SAP Analytics Cloud.

These findings were not identified in response to a security incident. As SAP continues with its review, it does not believe that any customer data has been compromised as a result of these issues. In an effort to ensure that the affected products meet relevant terms and conditions and in addition to technical remediation, SAP has decided to update its security-related terms and conditions. These remain in line with market peers.
Moreover, SAP has initiated remediation of the identified areas of shortcomings against contractually agreed or statutory standards and will proceed expeditiously. Remediation will largely be completed in the second quarter 2020. The expenses related to the remediation are expected to be covered within the range of SAP’s current 2020 financial outlook.
The executive board of SAP SE has decided today that SAP will inform and support the affected customers individually – approximately 9 percent of SAP’s 440,000 customers.

Affected Products

  • SAP Sucees Factors
  • SAP Concur
  • SAP CallidusCloud Comissions
  • SAP/Callidus Cloud CPQ
  • SAP C4C/Sales Cloud
  • SAP Cloud Platform
  • SAP Analytics Cloud

Remediation

SAP states that the remediation has been initiated and will largely be completed in the second quarter of 2020. No workarounds are available. 
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.