A Security Gap Causes a Cyberattack

Reading time: 2 min.
Tomasz Jurgielewicz

A Security Gap Causes a Cyberattack

For the first time in history, the US Department of Homeland Security has published report on security threats to SAP systems (US-CERT Alert for cybersecurity of SAP business applications). The report describes what a security gap had an impact on taking control over SAP systems.

36 organizations were attacked by a vulnerability

At least 36 organizations (with SAP system in their infrastructure) were attacked using a security vulnerability known for about 6 years. The attack was aimed primarily at systems that were not updated in accordance with the patches provided as part of SAP Security Notes. The described vulnerabilities certainly affected SAP NetWeaver Server Java - Invoker Servlet adons.

What systems are most at risk?

As a result, the DHS report indicates that SAP systems having outdated software are vulnerable. This applies to systems running on the SAP Java platform. Due to the fact that the discussed SAP Java platform is the basic technology for many systems, including SAP:
  • Enterprise Resource Planning (ERP),
  • Product Lifecycle Management (PLM),
  • Customer Relationship Management (CRM),
  • Supply Chain Management (SCM),
  • Supplier Relationship Management (SRM),
  • NetWeaver Business Warehouse (BW),
  • Business Intelligence (BI),
  • NetWeaver Mobile Infrastructure (MI),
  • Enterprise Portal (EP),
  • Process Integration (PI),
  • Exchange Infrastructure (XI),
  • Solution Manager (SolMan),
  • NetWeaver Development Infrastructure (NWDI),
  • Central Process Scheduling (CPS),
  • NetWeaver Composition Environment (CE),
  • NetWeaver Enterprise Search,
  • NetWeaver Identity Management (IdM),
  • Governance, Risk & Control 5.x (GRC).
the security gap is located on the application layer of the SAP system, so its occurrence is independent of the operating system and the database supporting the SAP system.

What are the effects of exploiting the vulnerability?

The use of the discussed Invoker Servlet vulnerability certainly allows remote, unauthenticated, full control over the compromised systems. Therefore, it allows full access to data and business processes on the systems (or even access to other systems connected with SAP).

How to protect yourself?

The surest solution is to use and use SAP Security Note 1445998 and disable the Invoker Servlet.

Comment from our expert

As this vulnerability has been known for at least 6 years, it seems unlikely that this vulnerability was exploited by burglars. It is also worrying that the situation affects so many global systems. What does it mean? Due to the fact that the subject of data security is not approached systematically it causes such omissions at the level of securit The main difficulty lies in convincing decision-makers about the need to invest in solutions that automate SAP security processes.
Daniel Sikorski / SAP Security / BASIS
contact an expert

If you find this article valuable, please share it.
This will allow us to reach new people. Thank you in advance!

We will take care of the digital transformation of your business

Do you want to protect your business against cyber attacks? Or maybe you are planning a digital transformation or looking for IT specialists for a project? We are happy to help. We are here for you. Let's talk about professional IT services for your company.
Contact Us
Darmowy e-book

Wszystko, co musisz wiedzieć
o migracji z SAP ERP na SAP S/4HANA

Nasz zespół ekspertów przygotował dla Ciebie
e-poradnik, dzięki któremu zrobisz to łatwo, bezboleśnie i bez szkody dla bezpieczeństwa
Twojej firmy.

To praktyczna wiedza podana w przystępnym
języku - zupełnie za darmo.
Pobierz darmowego e-booka
+ 48 508 400 203
Address Information
ul. Tęczowa 3 , 60-275 Poznań
NIP: 5213683072
REGON: 360098885
Visit our Social Media:
Address Information
ul. Tęczowa 3 , 60-275 Poznań
NIP: 5213683072
REGON: 360098885
Visit our Social Media:
Lukardi 2022. All Rights Reserved. 
Made with