On Tuesday, SAP – one of the largest manufacturers of business applications and enterprise software – released a huge number of so-called Security Notes. An e-mail sent to SAP customers speaks euphemistically of "a significant number of security notes", it's rumoured there are 525 of these notes.

According to the email, the "volume of fixes" was due to the use of new tools and methods in the quality assurance process. The vulnerabilities range from directory traversal via cross-site scripting, to SQL injection. However, most of the patches can be added through a "technical upgrade" to the new product release "SAP Business Suite 7 Innovations 2010". This then leaves only a handful of patches to be added manually.

Details of the vulnerabilities and the patches have not been made public and are only available to customers with ID and password access to the Service Market Place on SAP sites.

(trk)