Mass disclosure of vulnerabilities in SAP from ERPScan


This month ERPScan specialists published 8 vulnerabilities of varying criticality found in SAP products.

The vulnerabilities, which represent almost all the categories from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection, were published on the ERPScan.com site.

Every month we publish information about vulnerabilities found in SAP products by our specialists, but this month was especially productive. We have to mention that SAP increased the rate of reaction against vulnerabilities found by third-party researchers. Now they can find solutions for these vulnerabilities much faster, which makes the system more secure. However, the administrators’ ignorance and the complexity of installing updates still form a problem. Due to this issue, according to our surveys, a huge number of SAP systems, including those available via the Internet, contain vulnerabilities which are already patched by SAP. These companies can be easy targets for attackers,

— said Alexander Polyakov, the CTO of ERPScan.

The details can be found here:

[ERPSCAN-11-041]

[ERPSCAN-11-040]

[ERPSCAN-11-039]

[ERPSCAN-11-038]

[ERPSCAN-11-037]

[ERPSCAN-11-035]

[ERPSCAN-11-034]
