Services Vulnerabilities Exploits Publications News Blog About DSecRG

SAPocalypse - concept of a new SAP worm will be presented at HITB Malaysia

Two months have passed since the report on critical vulnerability in SAP's J2EE engine was published. Though it is a serious vulnerability, some people didn't estimate it, pointing to the fact that only systems on the JAVA basis which sometimes don't store critical data, as ERP or BI do and used for these systems' connection and collaboration.

In a new report which will be presented at the HITB conference in Malaysia, ERPScan specialists will show prototype of a new worm with a code name SAPacalypse. It will use a vulnerability in SAP NetWeaver JAVA server, available via the Internet and then connects to the connected ABAP servers in the internal network, where ERP, CRM, BI and other applications can be installed. After it virus steals critical data and data for connection to other linked servers from these systems. Taking into account a deep integration of business processes and as a result a multiple connections using internal links, it will allow to get into almost any corporate systems via the only vulnerable.

Kuwaiti oil barons are worried about SAP security

ERPScan educates German students

ERPScan researchers guard Adobe

ERPScan has released a new version of Security Scanner for SAP: ERPScan v2.0

News list

© 2002—2014, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail:
Rss: Vulnerabilities, Exploits, News, Publications, Summary