Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 9 submissions in the queue.
posted by CoolHand on Saturday May 09 2015, @04:35AM   Printer-friendly
from the thats-the-way-we-like-our-data dept.

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and create J2EE backdoors.

Onapsis chief executive Mariano Nunez says the 250,000 SAP customers are exposed for an average of 18 months from when vulnerabilities surface, with SAP taking some 12 months to develop patches.

"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,” Nunez says. "The truth is that most patches applied are not security-related, are late or introduce further operational risk." The Boston firm found SAP pumped out 391 patches last year of which half were labeled high priority.

Nunez lay blame in part on SAP HANA which he says is responsible for a whopping 450 percent increase in the number of security patches. "This trend is not only continuing, but exacerbating with SAP HANA ... positioned in the center of the SAP ecosystem [where] data stored in SAP platforms now must be protected both in the cloud and on-premise,” Nunez says.

http://www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday May 09 2015, @08:44PM

    by Anonymous Coward on Saturday May 09 2015, @08:44PM (#180859)

    Making them up seems to be good sport at SAP's expense.
    Start Applying Patches
    Send Another Payment
    Suffering And Pain
    Sorry Ass Program

    -- gewg_

  • (Score: 0) by Anonymous Coward on Monday May 11 2015, @10:14AM

    by Anonymous Coward on Monday May 11 2015, @10:14AM (#181422)

    Slowly Advances Psychosis

    • (Score: 0) by Anonymous Coward on Monday May 11 2015, @07:34PM

      by Anonymous Coward on Monday May 11 2015, @07:34PM (#181600)

      See? It is good fun.
      I'll have to add that one to my list.

      Meanwhile:
      sap: n.
        1. To undermine the foundations of (a fortification).
        2. To deplete or weaken gradually.

      -- gewg_