The Onapsis Security Blog



New Critical Public Exploits Put SAP Applications at Risk

Onapsis issues threat report and steps to stay protected

When we became aware that several new exploits targeting SAP applications were available on a public forum, we began to act immediately. We have already notified all our customers about this serious threat and how the Onapsis Security Platform ensures they are protected. For all other SAP users, we are here to help you too. This is our mission, and we are sharing the details of what you can do today, including the release of two open source Snort signatures for your IDS/IPS and Snort-capable firewalls.

Get the signatures and full Onapsis Threat Advisory now.

These exploits, known as ‘10KBLAZE’, do not target vulnerabilities in SAP code. They target administrative misconfigurations of SAP NetWeaver installations, including S/4HANA. The misconfigurations are properly addressed by SAP Security Notes that have been available for more than 10 years. Because the fix is a configuration change rather than a code patch, an installation that is fully patched can still be exposed: what closes the exposure is applying the Security Notes' guidance and verifying that the hardened settings remain in place.

Why are you at risk?
Our research team believes that approximately 900,000 systems suffer from these misconfigurations. The exploits can lead to full compromise of the platform, including the modification, extraction or deletion of highly sensitive and regulated business data held in applications such as SAP Business Suite, SAP ERP, SAP CRM, SAP HCM, SAP PLM and others. ‘10KBLAZE’ can be executed by a remote, unauthenticated attacker with nothing more than network access to the system.

Why is this critical?
The impact and risk to your business created by these exploits can be material. Attackers can create new users in the SAP system with arbitrary privileges, allowing them to view and modify critical and sensitive business data (e.g., employees’ personal information, financial statements, bank transfer and routing processes, patient health records, critical infrastructure and energy distribution schedules, medication dosage amounts). Attackers can also leverage ‘10KBLAZE’ to gain full access to the underlying databases, take SAP systems offline and permanently delete business-critical and regulated information.

The confidentiality, integrity and availability of the data stored in these systems and their databases are all at risk from these exploits.

How to Stay Protected
Whether you’re an Onapsis customer or not, our mission is to keep your SAP systems protected. Onapsis Research Labs and the Onapsis Security Platform deliver on that mission, and when we find or are alerted to critical vulnerabilities and exploits, we take the proper action to keep you protected. Here’s how to stay protected from the ‘10KBLAZE’ exploits:

For Onapsis customers, you can do the following in the Onapsis Security Platform:

  • Discover whether your systems are susceptible to these misconfigurations
  • Review incident reports: the platform monitors SAP instances both for signs of the exploit and for configurations reverting to an insecure state after they have been hardened

We are here to help you and welcome you to contact us. You do not need to be an existing Onapsis customer to engage with us. Please read the Onapsis Threat Advisory, download and implement the Snort signatures, and ask us to perform a discovery service today.
