Mass Disclosure of Vulnerabilities in SAP

Tuesday, November 22, 2011

Alexander Polyakov


Mass Disclosure of Vulnerabilities in SAP from ERPScan Specialists

This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products.

The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection - and were published on the site.

Every month we publish information about vulnerabilities found in SAP products by our specialists, but this was a really productive month.

We have to say that SAP has increased its rate of reaction to vulnerabilities found by third-party researchers. Right now they are much faster at finding solutions for these vulnerabilities, and this makes the system more secure.

However, there is still a huge problem connected with administrators' ignorance and the complexity of installing updates.

That is why, according to our surveys, a huge number of SAP systems - including those available via the internet - contain vulnerabilities which were already closed by SAP.

"These companies can be very easy targets for attackers," said Alexander Polyakov, the CTO of ERPScan.

Details of the vulnerabilities can be found here:


john niko:
I see many document to Become a SAP Consultant because it's few hard to follow it need your already working with SAP looking to make your career in SAP
like sap press e-books and sap official course and many other say to me I need to buy video because will help me learn by watching the author perform the operation that are being taught and as he explains step by step and SAP press e-book will help you to be consultant (FICO,MM,SD,ABAP,BW,GRC,BASIS,HANA.....) from The Instructor has Certification overkill in SAP

If you have any document other than SAP Press e-books course, please let me know. Your help is very much appreciated.
