SAP notifying 9% of customers about security bugs in some cloud products

SAP says an internal security review found issues with seven of its cloud products.

SAP

German software group SAP announced on Monday plans to notify approximately 9% of its 440,000 customer base about security holes identified in some of its cloud-based products.

According to SAP, the issues were discovered following an internal review of its platform, which found that some of its cloud products did not meet one or more contractually or statutory security standards.

The German software group did not elaborate on the nature of the security flaws, as the issues have not yet received fixes across its infrastructure.

Nonetheless, SAP said that it did not believe that an attacker exploited any of the issues to gain access to customer data.

The German company said it already initiated and prioritized remediation efforts to patch all impacted products, which include the likes of SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud.

SAP said the security updates to the affected cloud products would complete in Q2 2020.

The company said expenses from these broad security updates are not expected to have any impact on its current 2020 financial outlook, although revenue has been adjusted already to account for the coronavirus pandemic.

The company said it's now "individually" contacting each of the affected customers to provide support with the updates. The number of impacted clients is believed to be just under 40,000.