Up to 50,000 enterprises using SAP solutions may be vulnerable to cyber-attacks due to new exploits focusing on configuration errors in the software. That’s what security researchers at Onapsis Research Labs say.
Exploits called 10KBlaze focus on two technical components of SAP Software. The exploits have recently been released and may lead to the “complete compromise” of SAP applications, reports ZDNet. According to Onapsis, this can include the removal of business-critical application data, as well as the theft or modification of sensitive information.
The 10KBlaze tools can also be used to create new users with arbitrary privileges to create business functions such as creating new vendors or purchase orders and to access SAP databases or disrupt business operations.
Remote attackers do not need any form of authentication, but only some technical knowledge and a network connection to the vulnerable system to carry out an attack. The researchers say that the following applications have been affected:
- SAP S/4HANA
- SAP Enterprise Resource Planning (ERP)
- SAP Product Lifecycle Management (PLM)
- SAP Customer Relationship Management (CRM)
- SAP Human Capital Management (HCM)
- SAP Supply Chain Management (SCM)
- SAP Supplier Relationship Management (SRM)
- SAP NetWeaver Business Warehouse (BW)
- SAP Business Intelligence (BI)
- SAP Process Integration (PI)
- SAP Solution Manager (SolMan)
- SAP Governance, Risk & Compliance 10.x (GRC)
- SAP NetWeaver ABAP Application Server 7.0 – 7.52
The exploits do not depend on vulnerabilities in the SAP code. However, errors in the administrative configuration of the SAP NetWeaver installation and settings can be used to compromise applications.
According to Onapsis, up to 50,000 companies and a total of one million systems using NetWeaver and S/4HANA are misconfigured. The team estimates that 90 percent of SAP systems in use by an enterprise can be vulnerable.
SAP itself has already issued guidelines to customers in 2005, 2009 and 2010 describing how application configurations should be properly set up to prevent exploits. It is recommended that IT teams look directly at their builds to ensure they are protected.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.