SAP Knowledge Base Article - Public

2597977 - Meltdown and Spectre Vulnerabilities with SuccessFactors

Symptom

Meltdown and Spectre Vulnerabilities with SuccessFactors

Environment

All datacenter

Cause

Customer have heard of the Kernel-memory-leaking processor design flaw known as Meltdown or Spectre.

Resolution

Provide an update to the customer as per the statement from cyber security team https://jam4.sapjam.com/blogs/show/jFKfSohhb5g6usVoe8cSXx

SAP is currently investigating disclosed processor (CPU) security issues known as Meltdown and Spectre. There are no indications yet that these vulnerabilities have been used to attack our customers. SAP recommends that all customers implement security patches provided by hardware and operating system providers as soon as they become available. We will ensure that fixes are applied to our cloud infrastructure at the earliest possible. SAP Global Security is monitoring the situation.

SAP operation and security teams are working intensively to address the issue, and currently taking all corrective actions suggested by vendors and security experts. SAP aims to honor SLA, however due to the severity and urgency, it is possible some disruption may be expected. Teams are working to minimize the effects of the mitigation. SAP cannot at this point confirm the impact on performance of its cloud applications however we are performing the necessary test to ensure continuous and stable operations.

 

See Also

Official Response on sap.com (Jan 22, 2018)

https://www.sap.com/corporate/en/company/security.html

https://www.sap.com/about/cloud-trust-center/secure-cloud-storage.html

Keywords

Meltdown, Spectre Vulnerabilities , KBA , LOD-SF-PLT-SEC , Security & Permissions , Problem

Product

SAP SuccessFactors HCM Core all versions ; SAP SuccessFactors Learning 1711