Source: Cyware | By Sidarth Trisal
• The exploits could be used by attackers to fully compromise SAP applications, including deleting all business data.
• The exploits primarily target misconfigurations, not code bugs, in SAP NetWeaver installations.
Around 50,000 companies using SAP software are at great risk as new exploits target software configuration flaws. A recent report by cybersecurity firm Onapsis details these exploits, which can cripple SAP-based systems. According to the report, about a million systems are estimated to be exposed.
The exploits can be launched by remote, unauthenticated attackers who merely have network connectivity to the vulnerable SAP systems.
A note on the exploits
• Collectively known as ‘10KBLAZE’, the exploits target two technical components of SAP applications: the SAP Message Server and the SAP Gateway.
• With these exploits, attackers can create new users in the SAP system with arbitrary privileges, allowing them to view and modify confidential business data such as employees' personal information, financial statements, bank transfers, health records and so on.
The affected SAP products
10KBLAZE primarily affects misconfigured SAP NetWeaver applications. Other products that are susceptible include:
• SAP S/4HANA
• SAP Enterprise Resource Planning
• SAP Product Lifecycle Management
• SAP Customer Relationship Management
• SAP Human Capital Management
• SAP Supply Chain Management
• SAP Supplier Relationship Management
• SAP NetWeaver Business Warehouse
• SAP Business Intelligence
• SAP Process Integration
• SAP Solution Manager
• SAP Governance, Risk & Compliance 10.x
• SAP NetWeaver ABAP® Application Server 7.0 – 7.52
90 percent of systems vulnerable
The report also indicates that the majority of exposed SAP installations are vulnerable. “Onapsis research gathered over ten years calculates that nearly 90% of these systems, approximately 900,000, may suffer from the misconfigurations for which these exploits are now publicly available,” it said.
Staying Protected from the Exploit
The Onapsis report also details how to stay protected from 10KBLAZE. Because the exploits abuse configuration weaknesses rather than code defects, installing patches alone does not close them: the access control lists of the SAP Message Server and SAP Gateway must be configured correctly, which is critical for any SAP application. In addition, SAP strongly recommends that businesses using its solutions install security fixes as soon as they are released.
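As an added example (not code from the Cyware article or from Onapsis), the script below audits the two ACL files that govern the components named above: the Gateway's secinfo/reginfo files and the Message Server's ms_acl_info file. The file names and the `P`/`D` KEY=VALUE entry syntax are SAP's own documented formats; the sample file contents are constructed here to show an open configuration beside a hardened one, and treating a missing host field as unrestricted is an audit assumption on the conservative side.

```python
"""Flag permissive entries in SAP Gateway (secinfo/reginfo) and
Message Server (ms_acl_info) access control lists.

Added example, not part of the original article. File names and entry
syntax are SAP's standard ACL formats; sample contents are constructed.
"""
from dataclasses import dataclass

# Fields in which a bare "*" means "any host". TP=* on its own is normal
# and only matters when combined with an open host field.
HOST_FIELDS = {
    "reginfo": ("HOST", "ACCESS", "CANCEL"),
    "secinfo": ("HOST", "USER-HOST"),
    "ms_acl_info": ("HOST",),
}


@dataclass
class Finding:
    kind: str
    line_no: int
    line: str
    reason: str


def parse_entry(line):
    """Split 'P TP=* HOST=internal,local' into ('P', {'TP': ['*'], 'HOST': [...]})."""
    tokens = line.split()
    if tokens[0] in ("P", "D"):
        action, fields = tokens[0], tokens[1:]
    else:
        # ms_acl_info lines carry no P/D prefix; every listed host is permitted.
        action, fields = "P", tokens
    parsed = {}
    for tok in fields:
        key, _, value = tok.partition("=")
        parsed[key.upper()] = [v.strip() for v in value.split(",")]
    return action, parsed


def audit_acl(text, kind):
    """Return a Finding for each permit entry that leaves the ACL open to any host."""
    if kind not in HOST_FIELDS:
        raise ValueError(f"unknown ACL kind {kind!r}")
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # comments and the #VERSION header
            continue
        action, fields = parse_entry(line)
        if action != "P":                       # deny rules never widen access
            continue
        for fld in HOST_FIELDS[kind]:
            # Assumption: a missing host field is treated as unrestricted.
            values = fields.get(fld, ["*"])
            if "*" in values:                   # a subnet such as 10.10.5.* is not flagged
                findings.append(Finding(kind, no, line, f"{fld} allows any host"))
                break
    return findings


# Constructed sample files: an open configuration beside a hardened one.
WEAK_REGINFO = """#VERSION=2
P TP=* HOST=* ACCESS=* CANCEL=*
"""
HARDENED_REGINFO = """#VERSION=2
P TP=* HOST=internal,local ACCESS=internal,local CANCEL=internal,local
D TP=* HOST=* ACCESS=* CANCEL=*
"""
WEAK_SECINFO = """#VERSION=2
P TP=* USER=* USER-HOST=* HOST=*
"""
HARDENED_SECINFO = """#VERSION=2
P TP=* USER=* USER-HOST=internal HOST=internal
P TP=* USER=* USER-HOST=local HOST=local
D TP=* USER=* USER-HOST=* HOST=*
"""
WEAK_MS_ACL = "HOST=*\n"
HARDENED_MS_ACL = "HOST=app01.corp.example\nHOST=10.10.5.*\n"


def demo():
    """Audit every sample and return {label: number of findings}."""
    samples = {
        "weak reginfo": (WEAK_REGINFO, "reginfo"),
        "hardened reginfo": (HARDENED_REGINFO, "reginfo"),
        "weak secinfo": (WEAK_SECINFO, "secinfo"),
        "hardened secinfo": (HARDENED_SECINFO, "secinfo"),
        "weak ms_acl_info": (WEAK_MS_ACL, "ms_acl_info"),
        "hardened ms_acl_info": (HARDENED_MS_ACL, "ms_acl_info"),
    }
    return {label: len(audit_acl(text, kind)) for label, (text, kind) in samples.items()}


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label:22s} findings={count}")
```

The hardened files follow the pattern SAP documents for these ACLs: explicit permit lines for internal and local hosts, then a final deny-all so that nothing falls through. Run the same check against the real files from the instance profile directory; any `P` line reported by the script is one an unauthenticated remote host can use, which is exactly the condition 10KBLAZE relies on.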