Old SAP Software Vulnerability Exploited

Hello everybody,

A security vulnerability in SAP business software that has existed since 2010 was recently exploited by hackers.

The US Computer Emergency Response Team (US-CERT) says that at least 36 enterprises are at risk of attack if their SAP software is outdated or misconfigured. The problem was discovered by a firm called Onapsis.

A company among the top 10 highest annually grossing global enterprises is also said to be at risk. Over a dozen of the affected companies generate over $10bn in annual revenue. Onapsis didn’t name the affected firms but said they were from the US, UK, China and Germany.

Onapsis claims that there could be many other affected companies, as most customers are unaware of the vulnerability even though it’s not new.

An alert released by US-CERT on Wednesday warned that a hacker who exploited the vulnerability could gain full access to an affected SAP platform, giving them “control of the business information and processes on these systems, as well as potential access to other systems”.

SAP explained that the vulnerability was fixed 6 years ago and the versions released afterwards were not vulnerable.

They also acknowledged that there’s a possibility the changes can break, or disable, customised software developments that many customers had implemented using older versions of SAP’s programming language.

Administrators are urged to scan systems for vulnerabilities and apply the appropriate fixes soon.


Source: Akati
