SAP Users Face Urgent Security Threat: High-Severity RFC Protocol Vulnerabilities
SAP users face serious threats due to high-severity vulnerabilities in the Remote Function Call (RFC) protocol. These flaws, rated 9.8 on the CVSS scale, could allow attackers to engage in espionage, sabotage, or fraud. Patching is urgently needed.
Onapsis CEO Mariano Núñez first highlighted these issues in 2007 at Black Hat Europe. Recently, Fabian Hagg of ERNW's security team presented four more vulnerabilities at the TROOPERS Conference in 2023. These include CVE-2021-33677 (CVSS 7.5) and CVE-2021-33684 (CVSS 5.3).
Attackers can exploit these vulnerabilities by chaining them together, potentially taking over SAP applications that use the RFC protocol. This could compromise exposed systems, impacting their integrity, confidentiality, and availability. Fabian Hagg is credited with reporting these latest vulnerabilities.
Organizations must check their systems for these vulnerabilities and apply relevant patches. This involves updating the SAP Kernel and upgrading the SAP_BASIS software component. Failure to do so could leave SAP apps vulnerable to remote, unauthenticated attackers.