A Security Gap Causes a Cyberattack
For the first time in history, the US Department of Homeland Security has published a report on security threats to SAP systems (US-CERT Alert for cybersecurity of SAP business applications). The report describes how a security gap allowed attackers to take control of SAP systems.
36 organizations were attacked through a vulnerability
At least 36 organizations with SAP systems in their infrastructure were attacked using a security vulnerability that has been known for about 6 years. The attack targeted primarily systems that had not been updated with the patches provided as part of SAP Security Notes. The vulnerability described affects, in particular, the Invoker Servlet component of SAP NetWeaver Application Server Java.
What systems are most at risk?
The DHS report indicates that SAP systems running outdated software are vulnerable. This applies to systems running on the SAP Java platform, which is the underlying technology for many SAP products, including:
- Enterprise Resource Planning (ERP),
- Product Lifecycle Management (PLM),
- Customer Relationship Management (CRM),
- Supply Chain Management (SCM),
- Supplier Relationship Management (SRM),
- NetWeaver Business Warehouse (BW),
- Business Intelligence (BI),
- NetWeaver Mobile Infrastructure (MI),
- Enterprise Portal (EP),
- Process Integration (PI),
- Exchange Infrastructure (XI),
- Solution Manager (SolMan),
- NetWeaver Development Infrastructure (NWDI),
- Central Process Scheduling (CPS),
- NetWeaver Composition Environment (CE),
- NetWeaver Enterprise Search,
- NetWeaver Identity Management (IdM),
- Governance, Risk & Control 5.x (GRC).
Since the security gap is located in the application layer of the SAP system, its occurrence is independent of the operating system and of the database underlying the SAP system.
What are the effects of exploiting the vulnerability?
Exploiting the Invoker Servlet vulnerability allows remote, unauthenticated, full control over the compromised system. It therefore gives full access to the data and business processes on that system (and potentially to other systems connected to the SAP system).
How to protect yourself?
The surest solution is to apply SAP Security Note 1445998 and disable the Invoker Servlet.
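Before disabling the Invoker Servlet, it helps to know which applications still rely on it and which clients are reaching it. The script below is an added example, not code from the original article or from SAP: it scans web-server access log lines (a constructed sample in Common Log Format, not SAP's own log format) for requests using the invoker servlet's /<application>/servlet/<servlet class or name> URL convention and summarizes them by application and by source address, so legitimate dependencies can be migrated and unexpected sources investigated.

```python
import re
from collections import Counter

# Constructed sample access log (Common Log Format); hosts, paths and
# servlet names are hypothetical and chosen for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2016:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
10.0.0.5 - - [12/May/2016:10:01:09 +0000] "GET /webdynpro/dispatcher/sap.com/tc~wd~tools/Explorer HTTP/1.1" 200 2048
198.51.100.7 - - [12/May/2016:10:02:15 +0000] "GET /hypothetical_app/servlet/com.example.HypotheticalServlet HTTP/1.1" 200 310
198.51.100.7 - - [12/May/2016:10:02:16 +0000] "POST /hypothetical_app/servlet/com.example.HypotheticalServlet?lang=en HTTP/1.1" 401 0
10.0.0.9 - - [12/May/2016:10:03:40 +0000] "GET /legacy_app/servlet/ReportServlet HTTP/1.1" 200 9001
"""

# One Common Log Format line: source, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Invoker servlet requests address a servlet by class or name directly:
# /<application alias>/servlet/<servlet class or name>
INVOKER_RE = re.compile(r'^/(?P<app>[^/?]+)/servlet/(?P<target>[^/?]+)')


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_invoker_requests(log_text):
    """Return every parsed request whose path uses the invoker servlet convention."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        inv = INVOKER_RE.match(rec["path"])
        if inv:
            hits.append({"src": rec["src"], "ts": rec["ts"], "method": rec["method"],
                         "status": rec["status"], "app": inv.group("app"),
                         "target": inv.group("target")})
    return hits


def summarize_by_app(hits):
    """Applications that still depend on the invoker servlet, with request counts."""
    return dict(Counter(h["app"] for h in hits))


def summarize_by_src(hits):
    """Source addresses reaching the invoker servlet, with request counts."""
    return dict(Counter(h["src"] for h in hits))
```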
Comment from our expert
As this vulnerability has been known for at least 6 years, it seems unlikely that this vulnerability was exploited by burglars. It is also worrying that the situation affects so many global systems. What does it mean? Because the subject of data security is not approached systematically, such omissions occur at the level of security. The main difficulty lies in convincing decision-makers of the need to invest in solutions that automate SAP security processes.
Daniel Sikorski / SAP Security / BASIS