SAP Security bugs, security bugs in SAP,
Global leader of the ERP market segment and Europe's biggest software company SAP which also SAP claims 87% of the top 2000 global companies as customers. SAP is now facing issues with U.S security alerts over security issues for security security bugs that was disabled 6 years ago. Despite being disabled, this can still probe the attacker having a remote control over the older version of SAP that was not patched. SAP had claimed to fixed the security issue but left it to the discretion of the customer wheter to switch off an easy accees setting, who may opt to implement a higher priority SAP system running than on applying the security patches to fill up the security holes. SAP, provides ERP solution for many multinationals disclosed the vulnerability in 2010 and has offered software patches to fix the flaw.
On 11th of this month, The U.S. Department of Homeland Security's Computer Emergency Response Team (US-CERT) released an alert notice to security industries suggesting SAP customers various steps to be taked to patch up the SAP system. This year the US-CERT has issues 3 such security warnings.
"This is not a new vulnerability,” Mariano Nunez, chief executive of Onapsis, which works with SAP to plug security holes, told Reuters in advance of the U.S. security alert. "Still, most SAP customers are unaware that this is going on." Onapsist specializes in securing business applications from SAP and its biggest rival Oracle.
SAP issued a statement that the vulnerable feature was fixed when the company introduced the software update six years ago. "All SAP applications released since then are free of this vulnerability," the company said in an emailed statement. However The security patch issue are still noticeable among many SAP customers since they are dependant on the older versions of SAP and in such case it dates back years, or in extreme examples, even decades.
The alert warning issued by the authority mainly emphasizes that SAP is managed inhouse and an external system without much awrareness and knwoledge, it is susceptible to various sort of attacks like public-facing websites, email systems and networks that suffers frequently.
As per the SAP experts they believe the accountability if how the bugs are fixed is more important as compared to the issues with the softwares. Furthermore customers of SAP are heavily depeandant on a barious consultants, external audit firms and specialized internal SAP security teams to decide when to install patches without risking destabilizing their systems. SAP produces dozens of software patches each month to fix bugs in its software.
But in the case of SAP, an unknown number of customers have not applied the fix. Security experts say because SAP systems contain sensitive financial, human resources and business strategy information, that means SAP security typically is the responsibility of specialists familiar with the complexities of the underlying business applications, rather than company-wide security teams who focus on outside cyber security threats.