SoylentNews is people

posted by CoolHand on Saturday May 09 2015, @04:35AM
from the thats-the-way-we-like-our-data dept.

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and create J2EE backdoors.

Onapsis chief executive Mariano Nunez says the 250,000 SAP customers are exposed for an average of 18 months from when vulnerabilities surface, with SAP taking some 12 months to develop patches.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team," Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk." The Boston firm found SAP pumped out 391 patches last year, of which half were labeled high priority.

Nunez lays blame in part on SAP HANA, which he says is responsible for a whopping 450 percent increase in the number of security patches. "This trend is not only continuing, but exacerbating with SAP HANA ... positioned in the center of the SAP ecosystem [where] data stored in SAP platforms now must be protected both in the cloud and on-premise," Nunez says.

http://www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/

 
  • (Score: 3, Interesting) by ThG on Saturday May 09 2015, @08:28AM


    I had the *joy* to work with this system at university (nothing too serious, just lecture stuff), and I'm not the least bit surprised by this.
    SAP is so broken, with so many flaws, that systemd looks like a pretty decent project in comparison.

    I would rather kill myself than have to work with that SAP ERP ever again.
