ERPScan CTO Alexander Polyakov spoke at the international Just4Meeting conference in Portugal on July 6. His presentation was dedicated to the top 10 most interesting vulnerabilities and attacks on SAP.
He told the audience about a buffer overflow vulnerability in ABAP Kernel, a DoS attack through the SAP NetWeaver ABAP web interface, bad password encryption in SAPGUI, specific vulnerabilities of ABAP language, and of course authentication bypass vulnerabilities in SAP NetWeaver J2EE. He also shared the results of the "SAP Security in Figures" report, particularly the results of the scan for SAP services exposed to the Internet made across Portugal by ERPScan researchers.
"We were specially invited by the event organizers as the most widely known experts in the subject. SAP solutions are becoming popular in Portugal and CISOs are thinking forward to protect them. Apart from the technical details of interesting vulnerabilities, our report contains the statistics of SAP popularity in the country. The amount of SAP systems accessible from the Internet in Portugal and in the world was compared. The figures for Portugal are currently significantly worse than for the worldwide statistics, so the region evidently needs education workshops and SAP security assessments," said Alexander Polyakov.
The presentation called "Top 10 most interesting vulnerabilities and attacks on SAP" can be downloaded here.