Symptom
- Are SuccessFactors products affected by the Meltdown and Spectre Vulnerabilities?
- Are security patches recommended?
- Where can customers find the necessary security patches?
- Who will monitor the situation?
- Can SAP confirm the impact of performance on its cloud applications?
Environment
SAP SuccessFactors HCM Suite
Resolution
- SAP is currently investigating disclosed processor (CPU) security issues known as Meltdown and Spectre. There are no indications yet that these vulnerabilities have been used to attack our customers. SAP recommends all customers implement security patches provided by hardware and operating system providers as soon as they become available. We will ensure fixes are applied to our cloud infrastructure at the earliest possible opportunity. SAP Global Security is monitoring the situation.
- SAP operation and security teams are working intensively to address the issue, and currently taking all corrective actions suggested by vendors and security experts. SAP aims to honor SLA, however due to the severity and urgency, it is possible some disruption may be expected. Teams are working to minimize the effects of the mitigation. SAP cannot at this point confirm the impact on performance of its cloud applications, however, we are performing the necessary test to ensure continuous and stable operations.
Note: Product Support please see Internal Memo.
See Also
An official response is available on sap.com (Jan 22, 2018).
Keywords
Meltdown, Spectre Vulnerabilities, SF, Success Factors, Kernel-memory-leaking processor design flaw , KBA , LOD-SF-PLT-SEC , Security Reports , Problem
Product
SAP SuccessFactors HXM Suite all versions