SAP has patched a critical vulnerability in the LM Configuration Wizard component of the NetWeaver Application Server (AS) Java platform, which would allow an unauthenticated attacker to take control of SAP applications.
Experts Comments
Java-based web applications are among the most common on the internet today and remain the most vulnerable to high-risk vulnerabilities like remote code execution, SQL injection, cross-site scripting and other vulnerabilities in the OWASP Top 10.
The SAP NetWeaver AS JAVA vulnerability is particularly concerning since SAP is used in the framework of many organizations' applications guarding their most precious data assets. This vulnerability points to the need already pointed out by NIST...
This is the second major Java-based 0-day in the wild in as many weeks targeting widely deployed, Internet-facing critical software. The challenge of critical bugs is that traditional approaches may take days or even weeks to discover all exploitable instances of vulnerability. Even when a patch is issued, successfully ensuring every application is patched becomes a race against malicious actors that know exactly what software they should be targeting. In the case of the SAP bug, the...
@James MacQuiggan, Security Awareness Advocate, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"When a new exposed and critical vulnerability with huge repercussions is known, organisations want to patch these systems and applications immediately..."