95% of SAP enterprise management systems worldwide have security vulnerabilities that could lead to serious data leakage

ID MYHACK58:62201562254
Type myhack58
Reporter Anonymous
Modified 2015-05-11T00:00:00


According to an Onapsis research report, more than 250,000 companies worldwide are affected by a series of security vulnerabilities in SAP systems, which may lead to serious corporate data breaches. SAP is the world's most popular enterprise application software company and solution provider, serving more than 85% of the Global 500 and 282,000+ customers in 190 countries.

Causes of the vulnerabilities

A recent study of SAP solutions found that more than 95% of enterprise SAP systems have serious security issues that expose them to the risk of cyber attack and can lead to serious data breaches. Those affected include 98% of the world's 100 most valuable brands; more than 250,000 SAP business customers are exposed to cyber attack because of a series of vulnerabilities in SAP systems.

Onapsis CEO Mariano Nunez says: “The most surprising thing is that, because of the gap in responsibilities between the SAP operations team and the IT security team, SAP network security at most companies is under threat. In fact, most of the patches applied are unrelated to security, are published late, or introduce further operational risk.”

The study also reported that in 2014 SAP released 391 security patches, more than 50% of which were rated as high-risk vulnerabilities.

Attack methods and scope of impact

The main cyber attacks against SAP applications (exploiting system weaknesses) fall into the following categories:

1. Core network: execution of remote function modules.
2. Data warehouse: to obtain or modify information in the SAP database, a vulnerability in the SAP RFC gateway is used to execute commands with administrator privileges.
3. Portal attack: a vulnerability is used to create a J2EE backdoor account to access the SAP portal and other internal systems.
The report describes the three most common cyber attacks against SAP systems and details the attack vectors by which a hacker can break into an SAP system and access company application data. The experts' study confirmed that these cyber attacks seriously affect the following key business processes:

1. Pivoting between SAP systems, resulting in leakage of customer information and credit card information.
2. Attacks on customer and supplier portals.
3. Attacks on the data warehouse through SAP proprietary protocols.

According to Núñez, SAP HANA accounts for a 450% increase in new security patches: “This trend is not only continuing but is even worse with the advent of SAP HANA, because SAP HANA has led to a 450 percent increase in new security patches. Because SAP HANA is at the center of the SAP ecosystem, the data stored in the SAP platform must now be protected both in the cloud and at the front end.”

Security measures

The report also provides the following plan of action to improve the security level of your SAP systems:

1. Gain visibility into SAP-based assets to determine the “risk value”.
2. Prevent security and compliance problems through continuous monitoring.
3. Detect and respond to new threats, attacks, or anomalous user behavior as indicators of attack.

To protect SAP software, it is very important to follow SAP security logging and to monitor the internal system structure; this can be effective in preventing some security issues.