{"id":6108,"date":"2019-08-22T08:44:39","date_gmt":"2019-08-22T06:44:39","guid":{"rendered":"http:\/\/inprosec.com\/notas-de-seguridad-sap-q1-2019\/"},"modified":"2023-05-16T17:58:44","modified_gmt":"2023-05-16T15:58:44","slug":"notas-de-seguridad-sap-q1-2019","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/","title":{"rendered":"SAP Security Notes: Q1 2019"},"content":{"rendered":"\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a ref=\"magnificPopup\" href=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg\"><img decoding=\"async\" class=\"wp-image-2140\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg\" alt=\"\"\/><\/a><\/figure><\/div>\n\n<p class=\"wp-block-paragraph\">Hoy, publicamos la revisi\u00f3n de las notas de seguridad de SAP, en este caso del primer trimestre de 2019.<\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Tenemos 4 notas cr\u00edticas (Hot News)<\/strong>\u00a0distintas en este trimestre, aunque una aparece en 2 meses (por eso en total ser\u00edan 5 publicadas) se trata de una actualizaci\u00f3n habitual relacionada con el \u201cSAP Business Client\u201d y 6 destacadas de nivel alto, para la revisi\u00f3n en detalle de <strong>10 notas<\/strong>.<\/p>\n\n<ul class=\"wp-block-list\"><li>La nota m\u00e1s cr\u00edtica (CVSS 9.8), actualizaci\u00f3n de nota anterior, est\u00e1 relacionada con el componente \u201cSAP Business Client\u201d y se trata de una nota recurrente con 2 actualizaciones este trimestre.<\/li>\n<li>Adem\u00e1s destacamos la segunda nota m\u00e1s cr\u00edtica (CVSS 9.4) para SAP HANA.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">Tenemos un total de 51 notas para todo el trimestre, 22 menos que el pasado trimestre, (39 de los patch Tuesday, 5 menos que el pasado trimestre):<\/p>\n\n<ul class=\"wp-block-list\"><li>En Enero se han publicado un total de 18 notas (11 en el Security Notes Tuesday \u2013 17 nuevas y 1 actualizaci\u00f3n de notas anteriores).\n<ul><li>Existen 2 \u201chot new\u201d (cr\u00edtica) siendo la m\u00e1s significativa de varias vulnerabilidades para el \u201cSAP Cloud Connector\u201d con un CVSS de 9.3, y la segunda para \u201cSAP Landscape Management\u201d con un CVSS de 9.1.<\/li>\n<li>Por otro lado tenemos 2 notas de criticidad alta (High Priority) siendo la criticidad m\u00e1xima con un CVSS de 7.3 para el \u201cAdobe PDF Print Library\u201d.<\/li>\n<li>Este mes el tipo m\u00e1s predominante es \u201cCross-Site Scripting\u201d (6\/18 y 4\/16 en patch day) y la plataforma con m\u00e1s vulnerabilidades solventadas es SAP Netweaver ABAP<\/li>\n<\/ul><\/li>\n<li>En Febrero se han publicado un total de 16 notas (todas ellas, las 16, en el Security Notes Tuesday \u2013 13 nuevas y 3 actualizaciones de notas anteriores).\n<ul><li>Existen 2 \u201chot new\u201d (cr\u00edtica) siendo una la actualizaci\u00f3n de una nota recurrente relacionada con el \u201cSAP Business Client\u201d y con un CVSS de 9.8, que adem\u00e1s volver\u00e1 a ser actualizada en Marzo. La segunda sobre la falta de un chequeo de autorizaciones para SAP HANA con un CVSS de 9.4.<\/li>\n<li>Por otro lado tenemos 4 notas de criticidad alta (High Priority) siendo la criticidad m\u00e1xima con un CVSS de 8.7 y otra una actualizaci\u00f3n de una nota anterior.<\/li>\n<li>Este mes los tipos m\u00e1s predominantes son \u201cMissing Authorization Check\u201d y \u201cCross-Site Scripting\u201d (3\/16 en ambos casos).<\/li>\n<\/ul><\/li>\n<li>En Marzo se han publicado un total de 17 notas (12 en el Security Notes Tuesday \u2013 14 nuevas y 3 actualizaciones de notas anteriores).\n<ul><li>La \u00fanica \u201chot new\u201d (cr\u00edtica) es de nuevo la actualizaci\u00f3n de una nota de Abril relacionada con el \u201cSAP Business Client\u201d con su tercera actualizaci\u00f3n en lo que va de a\u00f1o y con un CVSS de 9.8. <strong>Importante instalarla de nuevo.<\/strong><\/li>\n<li>Existen tambi\u00e9n 2 notas de criticidad alta (high priority), una muy significativa con un CVSS de 8.7 y la otra con un CVSS de 7.6.<\/li>\n<li>Este mes el tipo m\u00e1s predominante es \u201cMissing Authorization Check\u201d (6\/17 y 3\/12 en patch day).<\/li>\n<\/ul><\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">En la gr\u00e1fica (post Marzo 2019 de SAP) podemos ver la <strong>evoluci\u00f3n y clasificaci\u00f3n de las notas de los 3 meses del primer trimestre del a\u00f1o (2019)<\/strong>, adem\u00e1s de los 3 meses del pasado trimestre (solo las notas del Sec. Tuesday \/ Patch Day \u2013 by SAP):<\/p>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a ref=\"magnificPopup\" href=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/SAP-1T-2019.png\"><img decoding=\"async\" class=\"wp-image-2137\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/SAP-1T-2019.png\" alt=\"\"\/><\/a><\/figure><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a ref=\"magnificPopup\" href=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/SAp-1T-2019-2.jpg\"><img decoding=\"async\" class=\"wp-image-2138\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/SAp-1T-2019-2.jpg\" alt=\"\"\/><\/a><\/figure><\/div>\n\n<p class=\"wp-block-paragraph\">Y en la siguiente gr\u00e1fica (post Marzo 2019 de ERPScan) podemos ver la misma evoluci\u00f3n, pero incluyendo todas las notas del mes, incluso aquellas publicadas adem\u00e1s de las del Sec. Tuesday \/ Patch Day:<\/p>\n\n<p class=\"wp-block-paragraph\">El <strong>detalle completo de las notas m\u00e1s relevantes<\/strong> es el siguiente:<\/p>\n\n<ol class=\"wp-block-list\"><li><strong>SAP Cloud Connector has several vulnerabilities (2696233):<\/strong> An attacker can use a missing authentication vulnerability to get access to service and read, modify or delete information. In addition, he or she could use administrative or privileged functionalities. The attacker can also use an OS command execution vulnerability for unauthorized execution of operating system commands. Executed commands will run with the same privileges of the service that executed a command. The hacker can access arbitrary files and directories located in an SAP server filesystem including application source code, configuration, and critical system files. It allows obtaining critical technical and business-related information stored in a vulnerable SAP system. Install this SAP Security Note to prevent the risks. <strong>CVSS Base Score: 9.3 \/ 10<\/strong><\/li>\n<li><strong>SAP Landscape Management has an Information Disclosure vulnerability (2727624):<\/strong> \u00a0An attacker can use an Information disclosure vulnerability to reveal additional information (e.g., system data, debugging information, etc.) which will help to explore the system and plan other attacks. Install this SAP Security Note to prevent the risks. <strong>CVSS Base Score: 9.1 \/ 10<\/strong><\/li>\n<li><strong>Adobe PDF Print Library has multiple vulnerabilities (2724788):<\/strong> Depending on a vulnerability, an implementation flaw can result in unpredictable behavior, issues related to system stability and safety. Patches correct configuration errors, add new functionality and improve system stability. Install this SAP Security Note to prevent the risks. <strong>CVSS v3 Base Score: 7.3 \/ 10<\/strong><\/li>\n<li><strong>SAP BusinessObjects BI Suite has an Information Disclosure vulnerability (2654905):<\/strong> An attacker can use it to reveal additional information (system data, debugging information, etc.) that will help to learn about a system and plan other attacks. Install this SAP Security Note to prevent the risks. <strong>CVSS v3 Base Score: 9.8 \/ 10<\/strong><\/li>\n<li><strong>SAP HANA Extended Application Services have a Missing authentication check vulnerability (2742027):<\/strong> An attacker can use the vulnerability for accessing a service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks. <strong>CVSS v3 Base Score: 9.4 \/ 10<\/strong><\/li>\n<li><strong>SLD Registration of ABAP Platform has an XML External Entity (XXE) vulnerability (2729710):<\/strong> An attacker can use an XML External Entity vulnerability to get unauthorized access to OS filesystem. The attacker can send specially crafted unauthorized XML requests, which will be processed by the XML parser. <strong>CVSS Base Score: 8.7 \/ 10<\/strong><\/li>\n<li><strong>SAP Disclosure Management has a Missing Authorization check vulnerability (2724014):<\/strong> An attacker can use the vulnerability to access a service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks. <strong>CVSS Base Score: 8.3 \/ 10<\/strong><\/li>\n<li><strong>SLD Registration of ABAP Platform has an XML External Entity (XXE) vulnerability (2764283):<\/strong> An attacker can use an XML External Entity vulnerability to send specially crafted unauthorized XML requests which will be processed by an XML parser. The attacker can use it for getting unauthorized access to OS filesystem. <strong>CVSS Base Score: 8.7 \/ 10<\/strong><\/li>\n<li><strong>SAP Disclosure Management has a Missing Authorization check vulnerability (2736825):<\/strong> An attacker can use an XML External Entity vulnerability to send specially crafted unauthorized XML requests which will be processed by an XML parser. The attacker can use it for getting unauthorised access to OS filesystem. <strong>CVSS Base Score: 8.3 \/ 10<\/strong><\/li>\n<li><strong>SAP NetWeaver Java Application Server has a Cross-Site Scripting (XSS) Vulnerability (2689925):<\/strong> An attacker can use a Cross-Site Scripting vulnerability for injecting a malicious script that will help access critical information stored by the browser and used for interaction with a site. <strong>CVSS Base Score: 7.6 \/ 10<\/strong><\/li>\n<\/ol>\n<p class=\"wp-block-paragraph\">Enlaces de referencia del CERT del INCIBE en relaci\u00f3n a la publicaci\u00f3n de las notas para los 3 meses de este trimestre:<\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-enero-2019\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-enero-2019<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-febrero-2019\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-febrero-2019<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-marzo-2019\">https:\/\/www.incibe-cert.es\/alerta-temprana\/avisos-seguridad\/actualizacion-seguridad-sap-marzo-2019<\/a><\/p>\n\n<p class=\"wp-block-paragraph\">Otras referencias, en ingl\u00e9s de SAP, Onapsis y ERPScan (en orden: Enero-&gt;Marzo):<\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=509151985\">https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=509151985<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.onapsis.com\/blog\/sap-patch-notes-january-2019\">https:\/\/www.onapsis.com\/blog\/sap-patch-notes-january-2019<\/a><\/p>\n<p><a href=\"https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=510922943\">https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=510922943<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.onapsis.com\/blog\/sap-patch-notes-February-2019\">https:\/\/www.onapsis.com\/blog\/sap-patch-notes-February-2019<\/a><\/p>\n<p><a href=\"https:\/\/erpscan.io\/press-center\/blog\/sap-cyber-threat-intelligence-report-february-2019\/\">https:\/\/erpscan.io\/press-center\/blog\/sap-cyber-threat-intelligence-report-february-2019\/<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=515408080\">https:\/\/wiki.scn.sap.com\/wiki\/pages\/viewpage.action?pageId=515408080<\/a><\/p>\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.onapsis.com\/blog\/sap-patch-notes-march-2019\">https:\/\/www.onapsis.com\/blog\/sap-patch-notes-march-2019<\/a><\/p>\n<p><a href=\"https:\/\/erpscan.io\/press-center\/blog\/sap-cyber-threat-intelligence-report-march-2019\/\">https:\/\/erpscan.io\/press-center\/blog\/sap-cyber-threat-intelligence-report-march-2019\/<\/a><\/p>\n\n<p class=\"wp-block-paragraph\">El listado completo de los sistemas\/componentes afectados es el siguiente:<\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Recursos afectados:<\/strong><\/p>\n\n<ul class=\"wp-block-list\"><li>ABAP Platform, versiones Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75<\/li>\n<li>ABAP Platform (SAP Basis), versiones desde 7.0 hasta 7.02, desde 7.10 hasta 7.11, 7.30, 7.31, 7.40, desde 7.50 hasta 7.53, desde 7.74 hasta 7.75<\/li>\n<li>ABAP Platform (SLD Registration), versiones KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49; KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73; KERNEL desde 7.21 hasta 7.22, 7.45, 7.49, 7.53, 7.73, 7.75<\/li>\n<li>ABAP Server (usado en NetWeaver ySuite\/ERP), versi\u00f3n usando Kernel 7.21 o 7.22, ABAP Server 7.00 to 7.31, usando Kernel 7.45, 7.49 or 7.53, ABAP Server 7.40 hasta 7.52 o ABAP Platform<\/li>\n<li>ABAP Server of SAP NetWeaver y ABAP Platform versiones KRNL32NUC 7.21, KRNL32NUC 7.21EXT, KRNL32NUC 7.22, KRNL32NUC 7.22EXT, KRNL32UC 7.21, KRNL32UC 7.21EXT, KRNL32UC 7.22, KRNL32UC 7.22EXT, KRNL64NUC 7.21, KRNL64NUC 7.21EXT, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64NUC 7.49, KRNL64NUC 7.74, KRNL64UC 7.21, KRNL64UC 7.21EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.49, KRNL64UC 7.73, KRNL64UC 7.74, KRNL64UC 8.04, KERNEL 7.21, KERNEL 7.45, KERNEL 7.49, KERNEL 7.53, KERNEL 7.73, KERNEL 7.74, KERNEL 7.75 y KERNEL 8.04<\/li>\n<li>Banking services desde SAP, versi\u00f3n 9.0<\/li>\n<li>FSAPPL, versi\u00f3n 5<\/li>\n<li>S4FPSL, versi\u00f3n 1<\/li>\n<li>SAP_BASIS, versiones desde 7.00 hasta 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51<\/li>\n<li>SAP Business Client, versi\u00f3n 6.5<\/li>\n<li>SAP Business Objects Business Intelligence Platform Servers (Enterprise), versiones 4.2, 4.3<\/li>\n<li>SAP Business Objects Business Intelligence Platform, versiones 4.2, 4.3<\/li>\n<li>SAP Business Objects Business Intelligence Platform (BI Workspace), versi\u00f3n 4.10 y 4.20<\/li>\n<li>SAP Business Objects Business Intelligence Platform (CMC Module), versi\u00f3n 4.10, 4.20 y 4.30<\/li>\n<li>SAP Business Objects Mobile for Android, versiones anteriores a 6.3.5<\/li>\n<li>SAP Business One Mobile Android App, versi\u00f3n 1.2.12<\/li>\n<li>SAP BW\/4HANA, versi\u00f3n 1.0 (SP08)<\/li>\n<li>SAP Cloud Connector, versiones anteriores a 2.11.3<\/li>\n<li>SAP Commerce (ex. SAP Hybris Commerce), versiones anteriores a 6.7<\/li>\n<li>SAP CRM WebClient UI, versiones SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01<\/li>\n<li>SAP Disclosure Management, versi\u00f3n 10.01 y versi\u00f3n 10.01 Stack 1301<\/li>\n<li>SAP Enterprise Architecture Designer para SAP HANA, versi\u00f3n 1.0<\/li>\n<li>SAP Enterprise Financial Services, versiones SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank\/CFM 4.63_20<\/li>\n<li>SAP Financial Consolidation Cube Designer, versiones BOBJ_EADES 8.0, 10.1<\/li>\n<li>SAP Gateway of ABAP Application Server, versiones SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5<\/li>\n<li>SAP HANA Extended Application Services, versi\u00f3n 1 y modelo avanzado (XS advanced), versi\u00f3n 1.0<\/li>\n<li>SAP Landscape Management, versiones VCM 3.0<\/li>\n<li>SAP Manufacturing Integration and Intelligence, versiones 15.0, 15.1 y 15.2<\/li>\n<li>SAP Mobile Platform SDK, versiones anteriores a SDK 3.1 SP03 PL02 y SDK 3.1 SP04<\/li>\n<li>SAP NetWeaver Java Application Server (J2EE-APPS), versiones desde 7.10 hasta 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50<\/li>\n<li>SAP Plant Connectivity, versiones &#8211; 15.1, 15.2<\/li>\n<li>SAP WebIntelligence BILaunchPad (Enterprise), versiones 4.10, 4.20<\/li>\n<li>SAP Work Manager, versiones Agentry_SDK 7.0, 7.1<\/li>\n<li>Solution Tools Plug-In (ST-PI); versiones 2008_1_700, 2008_1_710, 740<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Hoy, publicamos la revisi\u00f3n de las notas de seguridad de SAP, en este caso del primer trimestre de 2019. Tenemos 4 notas cr\u00edticas (Hot News)\u00a0distintas en este trimestre, aunque una aparece en 2 meses (por eso en total ser\u00edan 5 publicadas) se trata de una actualizaci\u00f3n habitual relacionada con el \u201cSAP Business Client\u201d y 6&#8230;<\/p>\n","protected":false},"author":6,"featured_media":6645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-6108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes: Q1 2019 - Inprosec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes: Q1 2019\" \/>\n<meta property=\"og:description\" content=\"Hoy, publicamos la revisi\u00f3n de las notas de seguridad de SAP, en este caso del primer trimestre de 2019. Tenemos 4 notas cr\u00edticas (Hot News)\u00a0distintas en este trimestre, aunque una aparece en 2 meses (por eso en total ser\u00edan 5 publicadas) se trata de una actualizaci\u00f3n habitual relacionada con el \u201cSAP Business Client\u201d y 6...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-22T06:44:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T15:58:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1453\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes: Q1 2019\",\"datePublished\":\"2019-08-22T06:44:39+00:00\",\"dateModified\":\"2023-05-16T15:58:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/\"},\"wordCount\":1605,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/CapturaSAP-q12019.jpg\",\"articleSection\":[\"General\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/\",\"name\":\"SAP Security Notes: Q1 2019 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/CapturaSAP-q12019.jpg\",\"datePublished\":\"2019-08-22T06:44:39+00:00\",\"dateModified\":\"2023-05-16T15:58:44+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/CapturaSAP-q12019.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/CapturaSAP-q12019.jpg\",\"width\":1453,\"height\":836},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/notas-de-seguridad-sap-q1-2019\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes: Q1 2019\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes: Q1 2019 - Inprosec","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes: Q1 2019","og_description":"Hoy, publicamos la revisi\u00f3n de las notas de seguridad de SAP, en este caso del primer trimestre de 2019. Tenemos 4 notas cr\u00edticas (Hot News)\u00a0distintas en este trimestre, aunque una aparece en 2 meses (por eso en total ser\u00edan 5 publicadas) se trata de una actualizaci\u00f3n habitual relacionada con el \u201cSAP Business Client\u201d y 6...","og_url":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/","og_site_name":"Inprosec","article_published_time":"2019-08-22T06:44:39+00:00","article_modified_time":"2023-05-16T15:58:44+00:00","og_image":[{"width":1453,"height":836,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes: Q1 2019","datePublished":"2019-08-22T06:44:39+00:00","dateModified":"2023-05-16T15:58:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/"},"wordCount":1605,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg","articleSection":["General"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/","url":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/","name":"SAP Security Notes: Q1 2019 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg","datePublished":"2019-08-22T06:44:39+00:00","dateModified":"2023-05-16T15:58:44+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2021\/10\/CapturaSAP-q12019.jpg","width":1453,"height":836},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/notas-de-seguridad-sap-q1-2019\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes: Q1 2019"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=6108"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6108\/revisions"}],"predecessor-version":[{"id":9030,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/6108\/revisions\/9030"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/6645"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=6108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=6108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=6108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}