Common Vulnerabilities and Exposures (CVE) – All you need to know (30min)
In the September edition of the monthly webinar Defeat the Hackers, the INDUS Security Special Interest group hosted Shipra Aggarwal and Bibin Mathew from SAP Labs India Bangalore.
Two topics were covered in this month’s session:
- Critical SAP Security Notes Released this Quarter
- CVE (Common Vulnerabilities and Exposures)
Critical SAP Security Notes Released this Quarter
Bibin presented the new critical patches that were released this quarter (July 2020 – Sep 2020) and should be consumed by customers with high priority. The session covered more details about these critical patches, including:
- Products affected
- Impact
- Availability of workarounds & FAQs
Please refer to the slides and recording for more information.
CVE (Common Vulnerabilities and Exposures)
Shipra shared the importance of CVE (Common Vulnerabilities and Exposures) for SAP customers in enhancing the security posture of their landscapes.
The session provided an overview of the need for CVEs for software security vulnerabilities. Shipra also spoke about how and when SAP became a CVE Numbering Authority and the benefits of doing so.
She also shared some practical tips on making the best use of CVEs.
The session also covered the following aspects:
- Why we need CVEs and what they are
- How SAP assigns CVE-IDs to its patched security vulnerabilities
- Understanding the CVE entry from MITRE and NVD
- How customers can make use of CVEs to consume SAP patches effectively
Some of the resources she shared are listed below:
- https://cve.mitre.org/about/faqs.html
- https://cve.mitre.org/compatible/enterprise.html
- CVE-Compatible Products and Services
- Latest version of the CVE CVEList Master Copy page
- A free tool from CERIAS/Purdue University monitors changes to the CVE List
- CVE Change Logs provide daily or monthly changes to the list
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=SAP
- CVE and NVD Relationship