Palo Alto, CA – December 4, 2014 – ERPScan, a renowned name in the Business Application Security space, has just released a new and free service that allows SAP customers to check the security of their SAProuters.
ERPScan, a company focused on analyzing and preventing cyber-attacks and internal fraud in Enterprise Business Applications, such as ERP, CRM, SRM, and other industry solutions, has developed the only enterprise cloud-ready platform for analyzing all areas of SAP security in a 360-degree approach. This includes vulnerability management, source code security for custom programs, and segregation of duties. The company has now published a new service on their website. This service assists SAP customers in confirming whether a given SAProuter is exposed to critical vulnerabilities that exist in this platform.
Recently, a critical vulnerability was discovered in SAProuter. The patch was released by SAP in mid-October 2014 during their monthly security update. The integer overflow vulnerability can be exploited to conduct a denial of service attack on an SAProuter, potentially even with remote code execution. This vulnerability allows disabling many critical business processes of an organization, such as security updates delivery, emergency access, connections with remote offices, etc., effectively rendering the business inoperative.
If your company uses SAP, you have to expose your SAProuter directly to the Internet to be able to get updates from SAP as well as emergency support. Secure configuration of this router requires VPN access, but many SAProuters are available directly from the Internet without VPN. For example, according to our report “SAP Security in Figures”, there are currently some 5000 SAProuters on the Internet that are installed on the default port, and about 85 % of them are vulnerable to a critical issue.
“Now, we are providing all SAP users with a free service that can analyze the security of their SAProuters against this recently published bug as well as old vulnerabilities and misconfigurations,” says Alexander Polyakov, the CTO of ERPScan.
This is not the only issue found in SAProuter. About a year ago, ERPScan researchers helped SAP to close another very critical issue in SAProuter that allowed full remote control over the system. This vulnerability was also nominated at BlackHat’s Pwnie Awards as the most critical server-side vulnerability.
ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an ‘Emerging vendor’ in Security by CRN and distinguished by more than 25 other awards, ERPScan is an SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to help improve the security of their latest solutions.
ERPScan’s primary mission is to close the gap between technical and business security and provide solutions to evaluate and secure ERP systems and business-critical applications from both cyber-attacks and internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale.
We use the ‘follow the sun’ principle and function in two hubs, located in the Netherlands and the US, to operate local offices and a partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time while providing agile customer support.
SAP is at the center of today’s technology revolution, developing innovations that not only help our customers run at their best, but also improve the lives of people everywhere.
As the market leader in enterprise application software, SAP helps organizations of all sizes and industries combat the damaging effects of complexity, generate new opportunities for innovation and growth, and stay ahead of the competition.
SAP applications and services enable more than 263,000 customers to operate profitably, adapt continuously, and grow sustainably.