2597977 - Are SuccessFactors Products Affected by Meltdown and Spectre Vulnerabilities?

• Are SuccessFactors products affected by the Meltdown and Spectre Vulnerabilities?
• Are security patches recommended?
• Where can customers find the necessary security patches?
• Who will monitor the situation?
• Can SAP confirm the impact of performance on its cloud applications?

SAP SuccessFactors HCM Suite

• SAP is currently investigating disclosed processor (CPU) security issues known as Meltdown and Spectre. There are no indications yet that these vulnerabilities have been used to attack our customers. SAP recommends all customers implement security patches provided by hardware and operating system providers as soon as they become available. We will ensure fixes are applied to our cloud infrastructure at the earliest possible opportunity. SAP Global Security is monitoring the situation.
• SAP operation and security teams are working intensively to address the issue, and currently taking all corrective actions suggested by vendors and security experts. SAP aims to honor SLA, however due to the severity and urgency, it is possible some disruption may be expected. Teams are working to minimize the effects of the mitigation. SAP cannot at this point confirm the impact on performance of its cloud applications, however, we are performing the necessary test to ensure continuous and stable operations.

Note: Product Support please see Internal Memo.

An official response is available on sap.com (Jan 22, 2018).

• https://www.sap.com/corporate/en/company/security.html
• https://www.sap.com/about/cloud-trust-center/secure-cloud-storage.html

Meltdown, Spectre Vulnerabilities, SF, Success Factors, Kernel-memory-leaking processor design flaw , KBA , LOD-SF-PLT-SEC , Security Reports , Problem