Configuration vulnerability could leave SAP systems open to compromise

A vulnerability arising from the default installation of popular business management platform SAP could lead to a full compromise of the system say researchers. SAP security and compliance specialist Onapsis has revealed the flaw which is found in SAP Netweaver and can be compromised by a remote unauthenticated attacker with only network access to the system. Driven by a security configuration originally documented by SAP in 2005, the problem is still present in the majority of SAP implementations, either because they've neglected to apply security configurations or due to unintentional configuration drifts of previously secured systems. Onapsis has spent the past… [Continue Reading]