Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Saturday May 09 2015, @04:35AM   Printer-friendly
from the thats-the-way-we-like-our-data dept.

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and create J2EE backdoors.

Onapsis chief executive Mariano Nunez says the 250,000 SAP customers are exposed for an average of 18 months from when vulnerabilities surface, with SAP taking some 12 months to develop patches.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,” Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk." The Boston firm found SAP pumped out 391 patches last year of which half were labeled high priority.

Nunez lay blame in part on SAP HANA which he says is responsible for a whopping 450 percent increase in the number of security patches. "This trend is not only continuing, but exacerbating with SAP HANA ... positioned in the center of the SAP ecosystem [where] data stored in SAP platforms now must be protected both in the cloud and on-premise,” Nunez says.

http://www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by tangomargarine on Saturday May 09 2015, @07:18PM

    by tangomargarine (667) on Saturday May 09 2015, @07:18PM (#180837)

    What, you mean your first instinct isn't to check the acronym against German?

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2