Security News > 2021 > April > SAP applications are getting compromised by skilled attackers

Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches.

SAP applications compromised via known vulnerabilities.

The vulnerabilities - some dating back to 2011 and some discovered only last lear - have all been patched by SAP, and the company provides instruction on how to change the default passwords of high-privilege user accounts, but according to Onapsis, there's still a high number of organizations running SAP applications configured with high-privilege users with default and/or weak passwords.

As the researchers noted, "With remote access to SAP systems and mission-critical applications, the need for lateral movement is nearly eliminated, enabling attackers to reach and exfiltrate business-critical data more quickly."

The company says that their analysis proves how critical it is to quickly apply relevant SAP security patches and secure configurations, check SAP applications for misconfigured and unauthorized high-privilege users, and implement a specific mission-critical application protection program.

"In many scenarios, the attacker would be able to access the vulnerable SAP system with maximum privileges, bypassing all access and authorization controls. This means that the attacker could gain full control of the affected SAP system, its underlying business data and processes."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/P_ik4dHJ6dI/