“Sapped” Critical Vulnerabilities are Exploited in SAP Applications

Cyber security firm Onapsis has warned of 6 critical vulnerabilities being actively exploited in the wild. The researchers recorded more than 300 successful attacks between mid-2020 and April 2021.

SAP systems are used by many organisations for managing critical business processes, including product life-cycle management, customer relationship management, enterprise resource planning and supply chain management.

SAP said in their alert to customers that 92% of the Forbes Global 2000 use SAP to power their operations. More than 400,000 organisations are currently using SAP, and 77% of the world’s transactional revenue touches an SAP system.

The impact:

Exploitation of the vulnerabilities can result in the theft of sensitive data, financial fraud and service disruptions, and even risks malware, including ransomware, being introduced to the application.

The remediation:

SAP issued a warning to organisations using SAP systems on April 6, 2021, alerting users to the risk of attack. Patches were issued following the alert. For those who haven’t applied the patches, it is highly recommended to do so as soon as possible.

You can find the patches on the SAP website.

Source: DZone

Risk Crew