SAP Knowledge Base Article - Preview

2075306 - ShellShock (CVE-2014-6271) Unix GNU Bash Vulnerability - Product related status and recommendations

Symptom

On 2014-10-02 SAP published an updated Spotlight News about the ShellShock case:

Information on “ShellShock” Vulnerability

SAP confirms that part of its cloud infrastructure has been affected by the vulnerability referred to as "ShellShock" (CVE-2014-6271). SAP continues fixing and mitigating the issue by implementing the following measures:

  • Operational teams are patching the affected systems in the areas of impact as soon as appropriate fixes for this vulnerability are made available by open source communities and/or the vendor of the affected distribution or OS.

  • SAP has adjusted infrastructure monitoring to increase the likelihood of detecting and deterring attempts to exploit this vulnerability across all cloud divisions.

Additionally, SAP highly recommends that its On-Premise customers deploy operating system (OS) patches in a timely manner, as provided by the different OS providers / vendors.

This Spotlight-News can be accessed here as well:

https://service.sap.com/securitynews
https://service.sap.com/securitynotes
https://service.sap.com/support
https://support.sap.com/home.html

This KBA (Knowledge Base Article) provides additional information on affected and non-affected SAP products and offerings.
Please revisit this KBA as additional information may be added to it in the future.

If you have further questions, please open a standard customer case.
If no specific component is known, component XX-SER-BOSEC can optionally be used.



Keywords

ShellShock, CVE-2014-6271, KBA, XX-SER-BOSEC, AGS SEC Backoffice, BC-OP-LNX, Linux, Bug Filed
