As released earlier today, we’ve published 21 new security advisories detailing unprecedented vulnerabilities affecting all SAP HANA-based applications, including SAP S/4HANA and SAP Cloud Solutions running on HANA. Among these are eight “critical risk” vulnerabilities, six of which are by-design vulnerabilities in SAP HANA that require system configuration changes in order to be mitigated.
As a company, Onapsis is focused on securing business-critical applications such as SAP and Oracle. An important part of our research relies on identifying and reporting critical vulnerabilities in Oracle business applications in order to help Oracle customers reduce the risk to their organization.
In honor of National Cyber Security Awareness Month, we’re kicking off a new blog series focused entirely on securing SAP HANA. In this series, we will discuss everything from what SAP HANA is to newly discovered vulnerabilities, security best practices, and recommendations for remediation. Today, we'll start with a blog post meant to educate the security professional about the SAP HANA Platform.
As many of you know, the Onapsis Research Labs regularly releases security advisories detailing the latest known vulnerabilities in SAP applications. Recently, our team has discovered 10 new vulnerabilities that affect SAP HANA. Among these are two “high risk” vulnerabilities which could be used to abuse management interfaces, access corporate data or modify any system configurations, and render systems unusable.
When talking about IT control standards, ISACA is one of the top reference organizations. For people in the “audit & controls” world, ISACA is a familiar name. For those who don’t know, ISACA is an independent, nonprofit organization focused on the development of industry-leading knowledge and practices for information systems. ISACA released a new version of its SAP security guide, Security, Audit and Control Features – SAP ERP 4th Edition, which is a very complete guide for auditing different processes in SAP from a technical point of view.
Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios. Depending on the size of the company, the number of SAP Systems, Instances and Products used can be quite large.
Today Onapsis released new security advisories detailing vulnerabilities in SAP Mobile. Included in the security advisories are three “high risk” vulnerabilities which could be used to gain access to sensitive business information within organizations that rely on SAP Mobile.
As a company, Onapsis is focused on the security of business-critical applications such as SAP and Oracle. While our focus is on SAP applications, we have been doing research on Oracle business applications as well, identifying and reporting critical vulnerabilities. In this respect, Oracle differs from SAP, specifically in the way and timing in which security patches are released and made available to end users.