Online SAP Deployments are Attack Targets

  • 29 May 2014

Patch issued but Ruskies keep details under wraps
By Darren Pauli, 29 May 2014
 
Russian security researchers have reported a vulnerability in SAP NetWeaver which could allow attackers to gain access to Central User Administration tables.
Details on the vulnerability (CVE-2014-3787) in the service-oriented and integration platform were kept under wraps by security firm PT Security which conducted regular tests on SAP kit.
The Central User Administration feature streamlined management of multiple user accounts that were managed on different clients. SAP was among the most popular business applications and was used by three quarters of Forbes 500 companies.
Dmitry Gutsko said the sensitive information disclosure vulnerability affected NetWeaver versions 7.20 and earlier.
 

1 reply

The following is an update on SAP Deployment Attacks
 
By HNS Staff/ Posted on 16 June 2014

 
"Quote" Analysis of 3000 vulnerabilities in SAP

 

According to official information from the SAP portal, more than 3000 vulnerabilities have been closed by SAP.
Here are 6 highlights from research conducted by the ERPScan team during 7 years of deep analysis of SAP vulnerabilities. A significant share of the analyzed vulnerabilities was found by the ERPScan research team themselves.
 
Help Net Security/ full read here/ http://www.net-security.org/secworld.php?id=17008
 
