Almost every SAP install has security holes

SAP was founded in 1972 and is a leading provider of enterprise software solutions and applications. By global stock market capitalization, SAP is the third-largest software manufacturer in the world, with over 230.000 customers in more than 180 countries.

But this is where the bad news comes in.

An impressive 95% of SAP's business software applications contain high-severity vulnerabilities that could allow a breach, researchers say.

Researchers from the security company Onapsis report that attackers can target all SAP installations, execute commands with admin rights, and create J2EE backdoors.

Onapsis Managing Director Mariano Nunez says that SAP's 250.000 customers are exposed for an average of 18 months from the moment vulnerabilities are discovered, since SAP needs about 12 months to develop a patch that "fixes" them.

"The truth is that most patches that are applied are unsafe, come late or introduce code that guarantees further risks."

The Boston firm found that SAP had released 391 patches over the past few years, half of which were marked as highly s.

Nunez places part of the blame for all of this on the SAP HANA feature, which he says is responsible for an increase on the order of 450% in the number of security patches.

"This trend is not only not continuing, but is getting worse with SAP HANA … which is positioned at the of the SAP ecosystem, where the from SAP platforms are stored."

The worst of the discovered vulnerabilities have a severity rating of 9,5 and affect major applications such as SAP SQL Anywhere and Sybase ESP.

"We are not just talking about the number of vulnerabilities, which is quite large, but also about the criticality," says ERPScan founder Alexander Polyakov.

Polyakov says:

"If experienced SAP developers can still leave such errors in their code, imagine what happens to SAP custom programs, and especially those outsourced to other companies. Intense competition between outsourcing companies minimizes growth time and resources, which usually has a security impact."

Polyakov has published whitepapers detailing SAP vulnerabilities, penetration testing guidelines, and defenses.


Written by Dimitris
