Almost every SAP install has security holes

SAP was founded in 1972 and is a leading provider of enterprise software solutions and applications. According to global stock market capitalization, SAP is the third largest software manufacturer in the world with over 230,000 customers in more than 180 countries.

But here comes the bad news.

An impressive 95% of SAP's business software applications contain high-severity vulnerabilities that could allow them to be breached, the researchers report.

Researchers from security firm Onapsis report that attackers can target all SAP installations, execute commands with admin privileges, and create J2EE backdoors.

Onapsis Managing Director Mariano Nunez says that SAP's 250,000 customers are exposed for an average of 18 months from the moment vulnerabilities are discovered, since SAP needs about 12 months to develop a patch that "fixes" them.

"The truth is that most patches that are applied are unsafe, come late or introduce code that guarantees further risks."

The Boston-based company has found that SAP has released 391 patches in recent years, half of which were high priority.

For all of this, Nunez partly criticizes the SAP HANA feature, which, as he says, is responsible for an increase on the order of 450% in the number of security patches.

"This trend not only does not continue, but is exacerbated by SAP HANA… which is located in the center of the SAP ecosystem where data from SAP platforms are stored."

The worst of the discovered vulnerabilities have a severity level of 9.5 and affect major applications such as SAP SQL Anywhere and Sybase ESP.

"We are not just talking about the number of vulnerabilities, which is quite large, but also about the criticality," says ERPScan founder Alexander Polyakov.

Polyakov says:

"If the experienced SAP developers can still leave such in their code, imagine what happens with SAP's custom programs, and especially those that are outsourced to other companies. The intense competition between outsourcing companies leads to the minimization of development time and the …, which usually has security implications."

Polyakov has published whitepapers detailing SAP vulnerabilities, penetration testing guidelines, and defenses.

See the whitepapers.

Written by Dimitris
