
36 global firms afflicted by an SAP security issue patched in 2010


May 12, 2016

It was reported today that the United States Computer Emergency Readiness Team (US-CERT) has taken the unusual step of publicly stating how many large organizations are affected by a particular security issue: it called out no fewer than thirty-six global organizations that are critically exposed to an SAP security vulnerability for which SAP released a fix six years ago.

To be sure, US-CERT is relaying research by Onapsis, which says it found indicators of exploitation against at least 36 large organisations through this SAP flaw.

The issue lies in the Invoker Servlet, a component of SAP NetWeaver Application Server Java (the SAP Java platform). When the invoker is enabled, an HTTP client can call any servlet directly by its class name under the /servlet/ path of a deployed application, bypassing the authentication and authorization that the application declares for its normal URL mappings.

For whatever reason, the 36 companies have either swept the 2010 fix under the rug or simply never applied it in all these years.

Onapsis says the security flaw means “remote unauthenticated attackers” enjoy “full access to the affected SAP platforms, providing them with complete control of the business information and processes run by them, as well as potentially further access to connected SAP and non-SAP systems.”

This is bad news for two reasons. First, some of the 36 vulnerable organizations are multinationals and may well hold a great deal of data. Second, the internet security industry will doubtless read about this issue and shower us all with another round of "your business can be hacked out of existence" marketing.

The fix is fairly simple: apply SAP's patch and verify that it took effect, or simply disable the Invoker Servlet. Either way, confirm afterwards that a request to an invoker-style URL (/<application>/servlet/<fully qualified class name>) is refused rather than served, because a patch that is installed but not activated leaves the system exposed.

Both tasks are child's play for an SAP-certified expert. US-CERT has nonetheless decided to offer some guidance, as follows. Scan systems for all known security vulnerabilities, such as missing patches and dangerous or misconfigured system implementations.

Identify and analyze the security settings of SAP interfaces between systems and applications, to understand the risks posed by these trust relationships.

Then analyze the systems for malicious or excessive user authorizations, and monitor them for indicators of potential compromise resulting from the exploitation of security vulnerabilities, among several other checks.

Nevertheless, many in the internet security community still don't understand why patches that should have been applied in 2010 were still missing six years later. We'll keep you posted.
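The last of US-CERT's recommendations, monitoring for indicators of compromise, can be started from ordinary web server access logs. The script below is an added example written for this article; it is not code from US-CERT, Onapsis or SAP. It flags requests whose path addresses a servlet by Java class name under /servlet/, which is how the Invoker Servlet is reached and which a properly deployed application never needs. A 2xx response to such a request means the servlet actually ran, so the invoker is still enabled on that host and the event should be triaged as a possible compromise rather than a mere scan; 403/404 responses show probing against a host where it is disabled. The log format, host names, addresses and class names are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Added detection example (not from the original article, US-CERT, Onapsis or SAP).
# The Invoker Servlet addresses a servlet by its fully qualified Java class name
# under the /servlet/ path segment, e.g. /<webapp>/servlet/com.example.SomeServlet.
# Normal applications reach servlets through the URL mappings declared in web.xml,
# so a class-name path after /servlet/ is a strong indicator that someone is
# probing or using the invoker. Heuristic: the final segment must start with an
# upper-case letter (Java class naming convention), which also keeps file names
# such as /static/servlet/icon.png from matching.
INVOKER_RE = re.compile(
    r"^/(?P<app>[^/?\s]+)/servlet/"
    r"(?P<cls>(?:[a-z_$][\w$]*\.)+[A-Z_$][\w$]*)(?:[/?]|$)"
)

# Apache/NCSA common log format; the constructed sample lines below use this shape.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


@dataclass(frozen=True)
class InvokerHit:
    ip: str
    ts: str
    method: str
    app: str
    cls: str
    status: int


def parse_line(line: str):
    """Return (ip, ts, method, path, status) for a CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    # Percent-decode the path so that encoded dots (%2E) cannot evade the check.
    return (m["ip"], m["ts"], m["method"], unquote(m["path"]), int(m["status"]))


def find_invoker_hits(lines):
    """Flag every request whose path looks like an Invoker Servlet call."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        m = INVOKER_RE.match(path)
        if m:
            hits.append(InvokerHit(ip, ts, method, m["app"], m["cls"], status))
    return hits


def summarize(hits):
    """Roll the hits up into what an analyst triages first.

    A 2xx on an invoker-style URL means the servlet actually executed: the
    invoker is enabled on that system and the request is a possible compromise.
    403/404 responses indicate probing against a system where it is disabled.
    """
    return {
        "total": len(hits),
        "succeeded": [h for h in hits if 200 <= h.status < 300],
        "by_source": Counter(h.ip for h in hits),
        "by_class": Counter(h.cls for h in hits),
    }


# Constructed sample log lines (hypothetical addresses, applications and class names).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/May/2016:03:14:07 +0000] "GET /irj/portal HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/May/2016:03:14:09 +0000] "GET /webapp/servlet/com.example.admin.MaintenanceServlet HTTP/1.1" 200 812',
    '203.0.113.7 - - [11/May/2016:03:14:10 +0000] "GET /webapp/servlet/com%2Eexample%2Eadmin%2EMaintenanceServlet?cmd=x HTTP/1.1" 200 812',
    '198.51.100.4 - - [11/May/2016:04:02:55 +0000] "GET /other/servlet/com.example.ExportServlet HTTP/1.1" 404 231',
    '198.51.100.4 - - [11/May/2016:04:02:56 +0000] "GET /static/servlet/icon.png HTTP/1.1" 200 1023',
    'garbage line that is not in common log format',
]

if __name__ == "__main__":
    hits = find_invoker_hits(SAMPLE_LOG)
    report = summarize(hits)
    for h in hits:
        print(f"{h.ip} {h.method} /{h.app}/servlet/{h.cls} -> {h.status}")
    print(f"{report['total']} invoker-style requests, "
          f"{len(report['succeeded'])} succeeded (2xx)")
```

Run it against real access logs by replacing SAMPLE_LOG with the lines of the file; on a host where the invoker has been disabled as the article recommends, every hit should carry a 403 or 404, and any 2xx is the signal to escalate.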

Source: SAP.



Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer