Security News > 2022 > February > SAP Patches Severe ‘ICMAD’ Bugs

There's a trio of critical vulnerabilities, fixed on Tuesday, in SAP business applications that use the ubiquitous Internet Communication Manager: the component that gives SAP products the HTTPS web server they need to connect to the internet or talk to each other.

The firm estimated that there were tens of thousands - approximately 40,000 - SAP customers running more than 10,000 potentially affected, internet-exposed SAP applications at the time of disclosure.

The ICMAD bugs are critical memory-corruption vulnerabilities that should be patched promptly, given that ICM is a core component of SAP business applications - just one flavor of the business-critical apps that threat actors are actively targeting.

As of Tuesday, SAP and Onapsis weren't aware of any breaches related to the trio of bugs, but that's clearly no reason to delay in applying the updates in Security Note 3123396 to affected SAP applications as soon as possible, they said.

"With the Onapsis research, they have uncovered an exploit path that allows attackers to gain access to those privileged credentials to move laterally within the on-premises network, and also pivot into the cloud as most SAP customers have federated their legacy SAP workloads with cloud-based ones," Turner explained.

"The SAP security updates will be critical ones to install, not just to protect those on-premises SAP servers but also any systems, on-prem or cloud, that may share credentials or trust relationships with those servers."

News URL

https://threatpost.com/sap-patches-severe-icmad-bugs/178344/