Companies using SAP business applications have been warned that the risk of attacks exploiting some old configuration issues has increased after researchers released proof-of-concept (PoC) exploits.

SAP Message Server and SAP Gateway use an access control list (ACL) to specify which IP addresses are permitted to register application servers. If this ACL is not configured correctly, any host with network access to the Message Server can register an application server, allowing an attacker with network access to vulnerable systems to take complete control, including creating new users and viewing or modifying sensitive business data.
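A defender's first question is whether the ACL files actually restrict registration. The checker below is an added illustration (not Onapsis or SAP code) that flags permit-all entries; it assumes a simplified form of the documented syntax, where ms_acl_info lines read `HOST=<host-or-cidr>` and reg_info lines read `P TP=<program> HOST=<hosts> [ACCESS=...] [CANCEL=...]`, and the sample file contents are constructed.

```python
import ipaddress
import re

# Constructed sample files (not taken from any real system).
MS_ACL_INFO = """# ms_acl_info: hosts allowed to register application servers
HOST=10.10.1.0/24
HOST=*
"""
REG_INFO = """#VERSION=2
P TP=* HOST=* ACCESS=* CANCEL=*
P TP=sapxpg HOST=app01.corp.example ACCESS=app01.corp.example CANCEL=internal
D TP=* HOST=*
"""


def is_wildcard_host(value: str) -> bool:
    """True when a HOST value admits every source address."""
    for part in value.split(","):
        part = part.strip()
        if part in ("*", ""):
            return True
        # A /0 mask (e.g. 0.0.0.0/0) covers the whole address space.
        try:
            if ipaddress.ip_network(part, strict=False).prefixlen == 0:
                return True
        except ValueError:
            pass  # hostnames are not wildcards
    return False


def audit_ms_acl(text: str) -> list[str]:
    """Return ms_acl_info entries that let any host register."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"HOST=(.+)$", line)
        if m and is_wildcard_host(m.group(1)):
            findings.append(line)
    return findings


def audit_reg_info(text: str) -> list[str]:
    """Return permit ('P') rules that let any host register any program."""
    findings = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        # A missing HOST is treated as '*' here (assumption of this checker).
        if line.startswith("P ") and fields.get("TP") == "*" \
                and is_wildcard_host(fields.get("HOST", "*")):
            findings.append(line.strip())
    return findings
```

Run both audits against the real files referenced by the `ms/acl_info` and `gw/reg_info` profile parameters; any finding means the Message Server or Gateway will accept registrations from arbitrary hosts.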

The security weaknesses can affect many SAP products, including NetWeaver Application Server (AS) and S/4HANA.

In 2005, SAP issued a security note (821875) providing directions on how users can correctly set up an ACL for the Message Server. Four years later, the company issued another security note (1408081) with directions on how to properly configure the access list for the Gateway. Then, in 2010, it issued a further note (1421005) reinforcing the importance of properly configuring the Message Server ACL.

Nevertheless, Onapsis, a company that specializes in securing SAP and Oracle business applications, found that many organizations still fail to configure their installations correctly. The company warned last year that most SAP systems were vulnerable to attacks because of these misconfigurations.

Exploits targeting improperly configured systems were made public for the first time last month by two researchers who gave a talk on SAP configuration and deployment issues at the OPCDE cybersecurity conference in Dubai. Onapsis believes the risk of attacks has increased significantly following the release of the PoC exploits.

“Based on publicly available data provided by SAP, Onapsis estimates that approximately 50,000 companies and a collective 1,000,000 systems are currently using SAP NetWeaver and S/4HANA. Onapsis research gathered over ten years calculates that nearly 90% of these systems, approximately 900,000, may suffer from the misconfigurations for which these exploits are now publicly available,” Onapsis said in a report published on Thursday.

The company said the vulnerable components should not be exposed to untrusted networks, but it found many systems connected directly to the internet, making it possible for remote, unauthenticated attackers to mount attacks.

While new versions of SAP software are configured by default to prevent unauthorized connections, Onapsis has advised organizations to verify that this configuration has not drifted into an insecure state.
