An old SAP vulnerability has caused the Department of Homeland Security (DHS) to issue a US-CERT warning for the first time ever, due to 36 organizations being affected.



Why is this significant?

  • In April 2016, researchers at security vendor Onapsis discovered that a Chinese forum was publishing data from 36 unnamed organizations from 2013-2016 and began investigating how this information was obtained.
  • The researchers discovered that an SAP vulnerability was being exploited. The vulnerability resides in SAP NetWeaver, the main platform behind SAP applications.
  • SAP released the patch for this vulnerability long ago, but companies that have failed to update since the patch was released are still vulnerable. The fact that 36 organizations were already breached is once again an indication of the problems in patching, and of how, as an industry, we cannot rely on patching processes as a basis for security.

