SoylentNews is people

posted by CoolHand on Saturday May 09 2015, @04:35AM
from the thats-the-way-we-like-our-data dept.

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and create J2EE backdoors.

Onapsis chief executive Mariano Nunez says the 250,000 SAP customers are exposed for an average of 18 months from when vulnerabilities surface, with SAP taking some 12 months to develop patches.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team," Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk." The Boston firm found SAP pumped out 391 patches last year, of which half were labeled high priority.

Nunez lays blame in part on SAP HANA, which he says is responsible for a whopping 450 percent increase in the number of security patches. "This trend is not only continuing, but exacerbating with SAP HANA ... positioned in the center of the SAP ecosystem [where] data stored in SAP platforms now must be protected both in the cloud and on-premise," Nunez says.

http://www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/

 
  • (Score: 5, Insightful) by PizzaRollPlinkett on Saturday May 09 2015, @10:20AM


    Who in their right mind would touch SAP, even to hack it? You're pretty safe if you use SAP. I mean, if a hacker could actually figure out SAP, there would be no reason to hack because the person could make huge sums of money as a consultant.

    (Full disclosure: I haven't actually used SAP, but have read technical documentation on ABAP and some of their stuff. From what I saw, the current SAP is like the Bizarro-world parody of J2EE with Spring, Struts, and Hibernate. Probably designed by whoever came up with CORBA. I came away from what I read being thankful I didn't have to actually use it.)

    --
    (E-mail me if you want a pizza roll!)