We are constantly reminded about keeping our software up to date, from something like Word to the auto-updates of Windows 10. Amongst all the features and tweaks we often get with these updates, the first and foremost reason for fixes and updates is often security, with each update fixing another problem found in software. SAP had a rather bad bug back in 2010 before it updated its system to fix the problem. The issue now is that companies are still being caught by the vulnerability that was fixed six years ago.
The SAP function in question was found in the “invoker servlet”, giving hackers the ability to run Java applications without passwords or authentication credentials, essentially giving them a free pass to execute code without any issues. According to researchers at Onapsis, a security firm, the vulnerability is still being used to carry out attacks on over 36 different companies.
With companies involved in telecommunications or gas being affected by the breach, sensitive data, both about the company and their customers, is at risk while also giving an external source the ability to take control of their servers that process the data, opening up their systems to a whole different level of threat.
The invoker servlet was disabled by default in 2010, meaning that either the companies have decided to not update their systems since the fix or they’ve turned the servlet back on to make it run with something they use. While companies often have to be careful with updates, a simple bug fix like this could stop your entire system from communicating with the programs it needs to do its job, leaving such a big threat active on your system for so long can only be seen as a bad omen for the future.
LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…
The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…
【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…
FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…
The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…
【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…