AD-HOC SAP PRODUCT SECURITY NOTIFICATION
PLEASE DEPLOY SECURITY FIX IMMEDIATELY
As an extension of our commitment to customers, we take system reliability and security as a serious matter at SAP. With respect to this topic, we have a comprehensive process in place to address security related matters quickly and effectively. Core to our process is how we inform our customers of both routine security issues as well as matters that require immediate attention.
This message is to proactively alert your business to the security patches made available on our recent SAP Security Patch Day. The August 9, 2011 SAP Security Patch Day alert includes a patch related to a J2EE Engine vulnerability. We'd like to reinforce the importance of deploying the security fixes quickly in order to reduce such risk, and in particular (without limitation) security fix # 1589525 (with update-note 1624450).
The risk this security patch addresses was prominently discussed as part of a recent presentation at the Black Hat security conference. Because of the J2EE Engine vulnerability, we ask all customers to immediately deploy the required patch.
You can find details of these issues including the provided fixes in SAP collective note 1616259 on the SAP Service Marketplace (service.sap.com/securitynotes).
For further information about SAP Security Notes see the Frequently Asked Questions.
Chief Product Security Officer