Services Vulnerabilities Exploits Publications News Blog About DSecRG


SAPocalypse - concept of a new SAP worm will be presented at HITB Malaysia

Two months have passed since the report on critical vulnerability in SAP's J2EE engine was published. Though it is a serious vulnerability, some people didn't estimate it, pointing to the fact that only systems on the JAVA basis which sometimes don't store critical data, as ERP or BI do and used for these systems' connection and collaboration.

In a new report which will be presented at the HITB conference in Malaysia, ERPScan specialists will show prototype of a new worm with a code name SAPacalypse. It will use a vulnerability in SAP NetWeaver JAVA server, available via the Internet and then connects to the connected ABAP servers in the internal network, where ERP, CRM, BI and other applications can be installed. After it virus steals critical data and data for connection to other linked servers from these systems. Taking into account a deep integration of business processes and as a result a multiple connections using internal links, it will allow to get into almost any corporate systems via the only vulnerable.



News RSS RSS
06.06.2012
Kuwaiti oil barons are worried about SAP security

01.06.2012
ERPScan educates German students

25.05.2012
ERPScan researchers guard Adobe

24.04.2012
ERPScan has released a new version of Security Scanner for SAP: ERPScan v2.0

News list


© 2002—2014, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail: research@dsecrg.com
Rss: Vulnerabilities, Exploits, News, Publications, Summary
Search