More than 50k firms are vulnerable by SAP exploits
SAP exploits could be used by cybercriminals to compromise a dozen SAP applications and delete all business data of SAP owner. Vulnerabilities present in SAP NetWeaver installations are primarily targeted by these exploits.
More than 50,000 companies using SAP are at big risks to lost all business data. The exploits targeting configuration flaws of SAP. A report by cybersecurity firm Onapsis has explained how those exploits affecting SAP-based systems. According to this report, about a million systems could be affected.
Exploits known as "10KBLAZE", targeting two technical components in SAP applications. The vulnerable parts are SAP Message Server and SAP Gateway. With these exploits, hackers could create new users in the SAP system with highest privileges allowing them to view, modify, download or delete confidential business data such as personal information of employees, financial statements, banking transfer, health records, and similar.
Affected SAP products
"10KBLAZE" affects misconfigured SAP NetWeaver applications. Take a look at other vulnerable SAP products:
- SAP S/4HANA
- SAP Enterprise Resource Planning
- SAP Product Lifecycle Management
- SAP Customer Relationship Management
- SAP Human Capital Management
- SAP Supply Chain Management
- SAP Supplier Relationship Management
- SAP NetWeaver Business Warehouse
- SAP Business Intelligence
- SAP Process Integration
- SAP Solution Manager
- SAP Governance, Risk & Compliance 10.x
- SAP NetWeaver ABAP® Application Server 7.0 - 7.52
90 percent of SAP systems vulnerable
The report shows that most of the systems with SAP installed are vulnerable. Onapsis research gathered over ten years calculates that nearly 90% of SAP systems could be affected. It is approximately 900,000, systems with the misconfigurations for which these exploits are now publicly available.
How to Protect your systems from the Exploit 10KBLAZE
Onapsis’s report proposed a solution to stay protected from 10KBLAZE. This involves correctly configuring the SAP Message Server and SAP Gateway, which is critical in SAP applications. Likewise, SAP strongly recommends businesses using their solutions to install security fixes as and when they are released.
How to secure your self? First of all, you should hire a cybersecurity firm to make your network audit for vulnerabilities. But the quick tip could be to hide your IP address. The best tool to do that is VPN a virtual private network.