
SAP Bug Still Exposing Companies Six Years After Being Patched!

We are constantly reminded to keep our software up to date, from something like Word to the auto-updates of Windows 10. Amongst all the features and tweaks these updates bring, the foremost reason for them is often security, with each update fixing another problem found in the software. SAP had a rather bad bug back in 2010 before it updated its system to fix the problem. The issue now is that companies are still being caught by the vulnerability that was fixed six years ago.

The SAP flaw in question was found in the “invoker servlet” and gives hackers the ability to run Java applications without passwords or authentication credentials, essentially giving them a free pass to execute code. According to researchers at Onapsis, a security firm, the vulnerability is still being used to carry out attacks on over 36 different companies.

Companies involved in telecommunications or gas have been affected by the breach. Sensitive data about both the companies and their customers is at risk, and an external party can also take control of the servers that process that data, opening up their systems to a whole different level of threat.

The invoker servlet was disabled by default in 2010, meaning that either the companies have not updated their systems since the fix or they have turned the servlet back on to make it work with something they use. Companies often have to be careful with updates, since even a simple bug fix like this could stop an entire system from communicating with the programs it needs to do its job, but leaving such a big threat active on a system for so long can only be seen as a bad omen for the future.

Gareth Andrews
