Three SAP Vulnerabilities You Need to Patch Right Now
If you are using SAP Mobile, then your private information is at risk even if it is encrypted. Today Onapsis, an SAP security company, released information regarding three critical vulnerabilities in SAP Mobile.
All of these vulnerabilities were quickly fixed by SAP; however, systems that have not applied the patches remain open to security breaches. Since the product is used by many leading enterprises across the globe, these vulnerabilities must be taken very seriously and patches should be applied immediately.
SAP Mobile appears to use predictable encryption passwords for configuration, and these vulnerabilities make it possible to expose other parts of the SAP business software to an attack.
The three discovered flaws allow recovery of the keystream, with which an attacker can gain access to a vulnerable device and decrypt all credentials and private information. This gives an unauthorized user access to the login credentials stored on the vulnerable device. That login data would allow an attacker to connect to other business applications and access or modify business information.
SAP Mobile is used by a huge number of companies to develop apps for their customers, employees and partners. Depending on a company's organizational structure, these critical vulnerabilities undermine access control over its most valuable information, such as budgeting, planning and forecasting, project information, customer data, financial statements and much more, exposing important data that is useful to cyber spies.
The company later released a statement urging everyone to patch their systems:
We provide recommendations on the secure setup and operation of SAP systems, and we regularly issue critical security patches. Although we strongly urge customers to implement those patches and recommendations in a timely manner, we often do not have control over when this is done.