New Exploits Target Components of SAP Applications

New exploits have been targeting SAP systems, allowing attackers to fully compromise the platform and delete all business application data, according to new research from Onapsis Inc. The exploits, dubbed 10KBLAZE, can potentially compromise all NetWeaver Application Server (AS) and S/4HANA systems. “In exposed systems, the exploits can be executed by a remote, unauthenticated attacker having only network connectivity to the vulnerable systems. These exploits are not targeting vulnerabilities inherent in SAP code, but administrative misconfiguration of SAP NetWeaver installations,” the report said. Attackers could also modify or extract highly sensitive and regulated information in what Onapsis called a serious threat, given that an estimated 50,000 companies and one million systems are configured using SAP NetWeaver and S/4HANA. Misconfigurations in access control lists (ACLs) could leave systems vulnerable. Based on research collected over the past decade, the report estimated that nearly 90% of these systems suffer from the misconfigurations for which these exploits are now publicly available.
