This month ERPScan specialists published 8 vulnerabilities of different criticality, found in SAP products.
Vulnerabilities representing almost all risks from the OWASP Top 10: from path traversal and XSS to authorization bypass and code injection - were published on ERPScan.com site.
Every month we publish information about vulnerabilities founded in SAP products by our specialists, but this was a really productive month. We have to say that SAP increased the rate of reaction against vulnerabilities found by third-party researchers. Right now they much faster find solutions for these vulnerabilities, it makes the system more secure. However there is still a huge problem connected with administrators' ignorance and the complexity of installing updates. That's why according to our surveys a huge amount of SAP systems, including those available via internet, contains vulnerabilities, which are already closed by SAP. These companies can be very easy targets for attackers,
— said Alexander Polyakov, the CTO of ERPScan.
Details can be found here: