Security News > 2022 > February > SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs

Security researchers from Onapsis - the security firm that specializes in security for SAP, Oracle, Salesforce, and other software-as-a-service platforms and that discovered the bugs - joined SAP in coordinating the release of a Threat Report describing the critical vulnerabilities onTuesday.

As of Tuesday, Onapsis Research Labs had estimated that there were tens of thousands - approximately 40,000 - SAP customers running more than 10,000 potentially affected, internet-exposed SAP applications.

The ICMAD bugs are critical memory-corruption vulnerabilities that should be patched promptly, given that ICM is a core component of SAP business applications - just one flavor of the business-critical apps that threat actors are actively targeting.

"As we have observed through recent threat intelligence, threat actors are actively targeting business-critical applications like SAP and have the expertise and tools to carry out sophisticated attacks," said Mariano Nunez, CEO and co-founder of Onapsis.

As of Tuesday, SAP and Onapsis weren't aware of any breaches related to the trio of bugs, but that's clearly no reason to delay in applying the updates in Security Note 3123396 to affected SAP applications as soon as possible, they said.

At noon ET on Thursday, Onapsis' Nunez and SAP Chief Information Security Officer Richard Puckett will provide a threat briefing about the ICMAD vulnerabilities.

News URL

https://threatpost.com/sap-threat-briefing-severe-icmad-bugs/178344/