Security News > 2021 > April > Threat Actors Quick to Target (Patched) SAP Vulnerabilities
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.
Used within more than 400,000 organizations for resource planning, management of product lifecycle, human capital, and supply chain, and for various other purposes, SAP's applications represent an attractive target for adversaries.
The two organizations say, are leveraging various attack vectors to compromise organizations through unprotected SAP applications, including chaining together multiple vulnerabilities specific to SAP deployments.
The study also reveals that threat actors are making numerous brute-force attempts targeting high-privilege SAP user accounts, showing once again that maintaining secure system configurations is as important as keeping software patched at all times.
"SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes-such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management," CISA notes.
Organizations using SAP software are advised to perform compromise assessment on those applications, especially for Internet-facing resources, assess all applications in the SAP environment, perform misconfiguration assessments, and immediately apply all of the available patches where necessary.