Forgot your password?
typodupeerror
Security

+ - Vulnerable SAP Deployments Make Prime Attack Targets->

Submitted by wiredmikey
wiredmikey (1824622) writes "Using a combination of TCP scans and Google, security researchers found that nearly a quarter of the organizations running vulnerable versions of SAP are tempting fate by leaving them exposed to the Internet. This discovery, researchers from ERPScan say, dispels the myth that SAP systems are only available from the internal network, leading to the misconception that they are protected by design.

By March 2012, there were more than 2,000 security advisories published by SAP. Of those, about 7% (124) have publicly available PoC (proof-of-concept) exploit code available to the public. Many of the issues discovered are related to poor configuration or poor deployment planning. For example, 212 SAP Routers were found in Germany, which were created mainly to route access to internal SAP systems.

Another issue with the vulnerable and exposed SAP installations is that many of them run on Windows NT, creating a twin set of risks for the organization, as they have to contend with a bad SAP deployment and unsupported OS that is full of security issues all by itself.

SAP environments are often home to an organization’s most important business data, making protecting them critical for enterprise security, but it seems many gaps exist..."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Vulnerable SAP Deployments Make Prime Attack Targets

Comments Filter:

"The medium is the message." -- Marshall McLuhan

Working...