Mass disclosure of vulnerabilities in SAP from ERPScan specialists

DSECRG Advisories

This month ERPScan specialists published 8 vulnerabilities of different criticality, found in SAP products.

Vulnerabilities covering almost all risk categories from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection, were published on the site.

Every month we publish information about vulnerabilities found in SAP products by our specialists, but this was a really productive month. We have to say that SAP has increased the speed of its reaction to vulnerabilities found by third-party researchers. Right now they find solutions for these vulnerabilities much faster, which makes the system more secure.
However, there is still a huge problem connected with administrators' ignorance and the complexity of installing updates. That's why, according to our surveys, a huge number of SAP systems, including those available via the Internet, contain vulnerabilities which have already been closed by SAP. These companies can be very easy targets for attackers,

— said Alexander Polyakov, the CTO of ERPScan.

Details can be found here: