Blog Posts Tagged with "SAP"


Webcast: SAP Pentesting - From Zero 2 Hero with Metasploit

December 16, 2013 Added by: InfosecIsland News

The webcast will provide a very high-level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.



Latest SAP Security News

August 29, 2012 Added by: Alexander Polyakov

The most interesting thing is that the SAP HostControl is exposed to the Internet by many companies. Speaking numbers, 10% of companies that use SAP worldwide expose the SAP HostControl service to the Internet. I think you can imagine what can be done to those companies if hackers exploited this hole...



Critical Vulnerability in SAP Message Server: A Worldwide Scan

July 04, 2012 Added by: Alexander Polyakov

Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...



Companies Exposing Critical SAP Services to the Internet

June 19, 2012 Added by: Alexander Polyakov

For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...



Installation of Vendor's Patch Does Not Guarantee Security

March 26, 2012 Added by: Alexander Polyakov

A vulnerability in Lotus Domino was quickly disassembled, and the resulting exploit employed, demonstrating that the existing patch could be bypassed by a critical 0-day vulnerability. The result was an attack on the Domino Controller service and a full server compromise...



Mass Disclosure of Vulnerabilities in SAP

November 22, 2011 Added by: Alexander Polyakov

This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...



TomorrowNow Sentenced on Computer Intrusion Charges

September 19, 2011 Added by: Headlines

TomorrowNow, Inc., a non-operating subsidiary of SAP, today was sentenced to probation and ordered to pay a fine to the United States of $20 million for unauthorized access to computer servers belonging to Oracle Corporation (Oracle) and for willfully infringing copyrights held by Oracle...



Deceptive Emails - This Time From SAP

December 08, 2010 Added by: Ben Rothke

I just received an email from VeriSign that shows they did remove all misleading language. But SAP seems not to have learned the same lesson. The subject line of ‘Get a $10 Gift card by completing IFRS Survey’ is clearly deceptive...

