A security gap causes a cyberattack
For the first time in history, the US Department of Homeland Security has published a report on security threats to SAP systems (US-CERT Alert for cybersecurity of SAP business applications). The report describes a security gap that made it possible to take control of SAP systems.
36 organizations were attacked through a vulnerability
At least 36 organizations (with SAP systems in their infrastructure) were attacked using a security vulnerability known for about 6 years. The attack was aimed primarily at systems that had not been updated with the patches provided as part of SAP Security Notes. The described vulnerabilities certainly affected SAP NetWeaver Server Java - Invoker Servlet add-ons.
What systems are most at risk?
- Enterprise Resource Planning (ERP),
- Product Lifecycle Management (PLM),
- Customer Relationship Management (CRM),
- Supply Chain Management (SCM),
- Supplier Relationship Management (SRM),
- NetWeaver Business Warehouse (BW),
- Business Intelligence (BI),
- NetWeaver Mobile Infrastructure (MI),
- Enterprise Portal (EP),
- Process Integration (PI),
- Exchange Infrastructure (XI),
- Solution Manager (SolMan),
- NetWeaver Development Infrastructure (NWDI),
- Central Process Scheduling (CPS),
- NetWeaver Composition Environment (CE),
- NetWeaver Enterprise Search,
- NetWeaver Identity Management (IdM),
- Governance, Risk & Control 5.x (GRC).
What are the effects of exploiting the vulnerability?
How to protect yourself?
Comment from our expert
As this vulnerability has been known for at least 6 years, it seems unlikely that this vulnerability was exploited by burglars. It is also worrying that the situation affects so many global systems. What does it mean? Because the subject of data security is not approached systematically, it causes such omissions at the level of security. The main difficulty lies in convincing decision-makers about the need to invest in solutions that automate SAP security processes.