Critical vulnerability in SAP Afaria MDM can put millions of mobile users at risk of losing access to corporate data
Palo Alto, CA – August 19, 2015 – An advisory describing a critical buffer overflow vulnerability in the SAP Afaria MDM server, which can disable access to corporate systems for millions of mobile users, was published today on ERPScan's website.
ERPScan, the most respected and credible Business Application Security company providing solutions to assess and secure SAP and Oracle ERP systems, today published details of the vulnerability in the SAP Afaria MDM solution. This vulnerability, as well as other critical issues in SAP Afaria, was planned to be presented at the BlackHat APAC security conference in March, but the presentation was revoked by ERPScan because of responsible disclosure rules.
SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products. Of these, 15 have high priority, and some of them belong to the SAP HANA security area. The most common vulnerability type is Cross-Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin, Vahagn Vardanyan, and Roman Bezhan were closed.