SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data. The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients. Another flaw was a server-side buffer overflow that could cause a denial-of-service attack. SAP fixed both of the issues about a month ago, ERPScan CTO Alexander Polyakov said. The flaw is not remotely exploitable, so an attacker would need to have access to a SAP Mobile Device Management client.”]