Thursday, 12 May 2016

Hackers Are Exploiting Five-Year-Old SAP Bug

The US-CERT was forced on Thursday to issue, for the first time ever, a security alert about SAP business applications, after it was revealed that outdated or misconfigured systems are being exploited by hackers around the world.

The alert claims at least 36 organizations worldwide in a range of industries are affected by the current issue, first discovered by security firm Onapsis.

The vulnerability in question sits on the application layer, independent of the database application or operating system, it added.

The alert continues:

“The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker Servlet contains a vulnerability that was patched by SAP in 2010. However, the vulnerability continues to affect outdated and misconfigured SAP systems.”

The result could be catastrophic for affected organizations, allowing unauthenticated remote hackers to gain full access to affected SAP systems and control the associated business information and processes, as well as potentially using it as a stepping stone into other systems.



from hacker samurai http://ift.tt/23KYakG