SAP HANA, cloud and mobile systems vulnerable to attack

SAP tends to make headlines somewhat infrequently when it comes to security issues, but a recent report from business application security research firm ERPScan indicated the number of vulnerable SAP systems is increasing. Vulnerabilities have also been detected in the company’s cloud, mobile and HANA offerings.

The report noted that 36,000 SAP systems worldwide are connected to the Internet, whereas 69 percent should not be directly connected to the Internet. It’s an issue that ERPScan’s report calls “unnecessarily exposed SAP services.” The United States leads the top 10 list of countries with the most unnecessarily vulnerable systems at 3,660, followed by India and China (which share second place).

According to ERPScan, interest in SAP cybersecurity has increased in recent years. SAP aims to educate its customer and partner base with a monthly security report.

The August report indicated a continuing growth in denial of service attacks against SAP systems. An Onapsis security blog post noted the August SAP security report showed the highest number of DoS attacks so far in 2016. When combined with the number of DoS vulnerabilities noted in the July report, there’s evidence of more DoS attacks in the last two months than in the entire first half of the year.

Based on the ERPScan report, security vulnerabilities are to be found just about everywhere within the SAP portfolio. The report indicated there are vulnerabilities in every module. The most vulnerable product category is SAP’s CRM portfolio, followed by Portal and SRM.

Part of the reason for the increase in vulnerabilities and growing interest in SAP security initiatives is the vendor’s forays into modern cloud and mobile technologies, the report noted. Both cloud and mobile are high on SAP’s priority list, but it also means increased risk. The company’s installed base means cloud and mobile vulnerabilities could affect thousands of multinational companies, the report indicated. Reported SAP Mobile issues could affect more than 1 million devices worldwide, the report stated.

The report paints a gloomy picture, offset by the fact that SAP’s regional talks on securing its systems have increased around the world.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Chris Talbot
Chris Talbot
Chris is a freelance technology writer that resides in the Northwest Territories. A former editor at ITWC, he now spends his time as a scribe for various tech publications while having an appreciation for the finer things in life - namely beer and cigars.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.