Symptom
On 2014-10-02 SAP published an updated Spotlight News about the ShellShock case:
Information on “ShellShock” Vulnerability
SAP confirms that part of its cloud infrastructure has been affected by the vulnerability referred to as „ShellShock“ (CVE-2014-6271). SAP continues fixing and mitigating the issue by implementing the following measures:
-
Operational teams are patching the affected systems on the areas of impact as soon as appropriate fixes for this vulnerability are made available by open source communities and/or vendor of the affected distribution or OS
-
SAP has adjusted infrastructure monitoring to increase the possibility to detect and deter attempts to exploit this vulnerability across all cloud divisions.
Additionally, SAP highly recommends its On-Premise customers to timely deploy operating system (OS) patches as provided by the different OS providers / vendors.
This Spotlight-News can be accessed here as well:
https://service.sap.com/securitynews
https://service.sap.com/securitynotes
https://service.sap.com/support
https://support.sap.com/home.html
This KBA (Knowledge Base Article) provides additional information on affected and non-affected SAP products and offerings.
Please revisit this KBA as additional information may be added to it in the future.
If you have further question please open a standard customer case.
If no specific component is known, optionally component XX-SER-BOSEC can be used.
Read more...
Keywords
ShellShock CVE-2014-6271 , KBA , XX-SER-BOSEC , AGS SEC Backoffice , BC-OP-LNX , Linux , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.