SAP squashes clickjack bugs

SAP has released patches to fix 36 vulnerabilities, most of them (24) involving clickjacking.

Tuesday’s patch update also contains fixes for several dangerous vulnerabilities, according to security specialists ERPScan. One particularly noteworthy flaw affects a utility industry-specific module. A separate code injection vulnerability in SAP Solution Manager earns a near-maximum CVSS Base Score of 9.9, making it an obvious patching priority.

Clickjacking is a type of vulnerability that allows an attacker to "hijack" clicks by using multiple transparent or opaque layers. Such flaws are normally only moderate in severity and easily patched. It’s therefore noteworthy that before this month there were only two SAP Security notes to correct such issues since 2002, ERPScan reports. ®
