Expert Insight On SAP Critical Bug Allows Unrestricted Access to ERP, CRM

SAP has patched a critical vulnerability in the LM Configuration Wizard component of the NetWeaver Application Server (AS) Java platform that would allow an unauthenticated attacker to take control of SAP applications.


EXPERTS COMMENTS
James MacQuiggan, Security Awareness Advocate, KnowBe4
July 15, 2020
When a new exposed and critical vulnerability with huge repercussions is known, organisations want to patch these systems and applications immediately.
If you discovered in your neighborhood that burglars were breaking into the back windows of homes, you would likely take appropriate steps to protect your home. Whether you install break-proof windows, motion-sensing lights, or an alarmed security system to alert a break-in, these are actions to reduce the risk of an attack on your home. When a newly exposed and critical vulnerability with huge r ....
Jayant Shukla, CTO and Co-Founder, K2 Cyber Security
July 15, 2020
The SAP NetWeaver AS JAVA vulnerability is particularly concerning since SAP is used in the framework of many organizations' applications.
Java-based web applications are among the most common on the internet today and remain the most vulnerable to high-risk vulnerabilities like remote code execution, SQL injection, cross-site scripting and other vulnerabilities in the OWASP Top 10. The SAP NetWeaver AS JAVA vulnerability is particularly concerning since SAP is used in the framework of many organizations' applications guarding t ....
Casey Ellis, CTO and Founder, Bugcrowd
July 15, 2020
The challenge of critical bugs is that traditional approaches may take days or even weeks to discover all exploitable instances of vulnerability.
This is the second major Java-based 0-day in the wild in as many weeks targeting widely deployed, Internet-facing critical software. The challenge of critical bugs is that traditional approaches may take days or even weeks to discover all exploitable instances of vulnerability. Even when a patch is issued, successfully ensuring every application is patched becomes a race against malicious actors t ....