SAP has released its biggest batch of patches since 2012, including a fix for a vulnerability that has been open to exploitation since 2013.
The patches address 48 vulnerabilities in the widely used enterprise resource planning (ERP) software suite.
The flaw that has been unpatched since 2013 is a "missing authentication check-in" in SAP P4, according to ERPScan, a security company that focuses on ERP software.
The vulnerability was initially uncovered by Vahagn Vardanyan, a senior business applications security researcher at ERPScan.
"Initially, the patch to close this issue in the old P4 versions was released in 2012. Later, based on the SAP Security Note, we wrote a special script to exploit this vulnerability during penetration testing," Vardanyan told V3.
"The script usually worked. We decided that SAP customers didn't implement the appropriate patch and recommended that they did so.
"But once our client claimed that they had installed the patch, the investigation revealed that the bug still affects the latest versions of the service. In March, we sent this issue to the vendor and now it's finally fixed."
Three of the 48 patches are described by SAP as 'high priority' and should be implemented immediately.
ERPScan noted in a blog post that the majority of the flaws patched this month are "switchable authorisation checks".
"By these patches, new switchable authorisation checks were implemented. By default, they are inactive to ensure compatibility with processes," the company said.
"In case the authorisation is automatically turned on, it can lead to business processes stoppage when an employee hasn't got access to the required functionality or documentation."
The post goes on to warn that implementing these patches is likely to require "a lot of manual work". SAP customers are advised to assign the authorisation rights to the corresponding users in accordance with corporate policies.