Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Saturday May 09 2015, @04:35AM   Printer-friendly
from the thats-the-way-we-like-our-data dept.

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and create J2EE backdoors.

Onapsis chief executive Mariano Nunez says the 250,000 SAP customers are exposed for an average of 18 months from when vulnerabilities surface, with SAP taking some 12 months to develop patches.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,” Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk." The Boston firm found SAP pumped out 391 patches last year of which half were labeled high priority.

Nunez lay blame in part on SAP HANA which he says is responsible for a whopping 450 percent increase in the number of security patches. "This trend is not only continuing, but exacerbating with SAP HANA ... positioned in the center of the SAP ecosystem [where] data stored in SAP platforms now must be protected both in the cloud and on-premise,” Nunez says.

http://www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Troll) by Anonymous Coward on Saturday May 09 2015, @05:07AM

    by Anonymous Coward on Saturday May 09 2015, @05:07AM (#180643)

    Yup, that what happen when write C code. All installs hackable. Use Rust, n00b.

    Starting Score:    0  points
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  

    Total Score:   -1  
  • (Score: 0) by Anonymous Coward on Saturday May 09 2015, @08:01AM

    by Anonymous Coward on Saturday May 09 2015, @08:01AM (#180672)

    Can we have that again, in English this time?

  • (Score: 0) by Anonymous Coward on Saturday May 09 2015, @04:45PM

    by Anonymous Coward on Saturday May 09 2015, @04:45PM (#180798)
    Boo hoo! I was modded unfairly as 'Troll'! It's everybody else's fault but mine and the Troll mod shouldn't even exist! Woe I say!