SAP Bug Still Exposing Companies Six Years After Being Patched!




/ 9 years ago

SAP Bug Still Exposing Companies Six Years After Being Patched!

We are constantly reminded about keeping our software up to date, from something like Word to the auto-updates of Windows 10. Amongst all the features and tweaks we often get with these updates, the first and foremost reason for fixes and updates is often security, with each update fixing another problem found in software. SAP had a rather bad bug back in 2010 before it updated its system to fix the problem. The issue now is that companies are still being caught by the vulnerability that was fixed six years ago.

The SAP function in question was found in the “invoker servlet”, giving hackers the ability to run Java applications without passwords or authentication credentials, essentially giving them a free pass to execute code without any issues. According to researchers at Onapsis, a security firm, the vulnerability is still being used to carry out attacks on over 36 different companies.

With companies involved in telecommunications or gas being affected by the breach, sensitive data, both about the company and their customers, is at risk while also giving an external source the ability to take control of their servers that process the data, opening up their systems to a whole different level of threat.

The invoker servlet was disabled by default in 2010, meaning that either the companies have decided to not update their systems since the fix or they’ve turned the servlet back on to make it run with something they use. While companies often have to be careful with updates, a simple bug fix like this could stop your entire system from communicating with the programs it needs to do its job, leaving such a big threat active on your system for so long can only be seen as a bad omen for the future.


Topics: , , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features


Send this to a friend
})